BigBasket data breach | Hackers leak sensitive information of more than 20 million users online
- 2748
- 53
-
- Last Comment
A well-known illicit forum is now hosting personal details of 20 million BigBasket users. The data was stolen last year in November after the grocery delivery platform was hacked.
A group calling themselves ‘ShinyHunters’ published the massive database on the forum over the weekend and it is available for anyone to download and use. Some users on the forum have even claimed that have managed to decode hashed passwords and have put them up for sale separately.
BigBasket filed a police complaint with the Bengaluru Cyber Crime Cell last year to verify cyber intelligence group Cyble’s claims that the company had suffered a massive breach.
Cyble alleged that the data was for sale on the dark web for Rs. 30 lakh. In a blog published by the cyber intelligence group, they claimed that they had found a database of BigBasket customer details on sale for over $40,000. They also added that data included names, email IDs, password hashes, contact numbers, addresses, date of birth, location, and even IP addresses of the users affected. The breach occurred on October 30, 2020.
BigBasket has only made a single statement on the breach stating that they were working “with the Cyber Crime Cell in Bengaluru and intend to pursue this vigorously to bring the culprits to book.”
- Sort By
Purchase order put up by Grofers , DMart etc.
Dialogue goes well with your DP. 
Firefox Monitor warns you about data breaches involving your personal info. We just received details about another company’s data breach.
I just got this email..
Another day another data breach
I get option of using otp only… Sont remember setting password
me too
Is Intermiles hacked?
I got email stating login alert from different locations/ number/ device… @ 9.35 am.
Just changed password..
Any one else got intermiles alert?
Now a days hacking become very frequent and no action from cyber crime Police.
so hacking occurred in november..so around 5 months back…
still using the same account ..hope mine is not hacked… 
But now they made account details public.
So change password immediately.
Probably BB was aware of the leak, so they changed to OTP only login latter on.
If you guys use separate random password for diff websites this won’t affect you much,
However the saddest part is personal data is now public. Say if somebody knows your mobile or email he can now know your address too, it’s too easy and a no brainer.
yep… jus gone through the openly dumped ~15gb sql file and there it is: my name, email, phone, address, total orders related stuff..
well there’s nothing much that can be done at this point since its openly distributed on web!!
at the least I get to see my bb statistics: up until Oct 2020, its around 320 orders summing upto 2.2L total.. so that’s roughly 695/order I guess.
*the file has a record of anyone who created an account b/w Nov 2011 & Oct 2020.
*no payment related details or such.
Can you pm me the dump link
you can easily find the file on raidf0rums & yes the password is hashed
But some hackers claiming password hash can be removed?
I got this mail from Firefox Monitor:
[email protected] appeared in a new data breach
Firefox Monitor warns you about data breaches involving your personal info. We just received details about another company’s data breach.
bigbasket
Breach added: April 26, 2021
Compromised data: Passwords, IP addresses
So it’s best to change your BigBasket password immediately.
I heard in thread itself that now bigbasket uses otp instead of passwords.
But if password is there then change it.thats best thing to do.
have you signedup on firefox?
or you just saved your credentials on firefox?
Someone please tag SRK
Or please give me his no (his details also would have been leaked right) so that i can console him because KKR is losing all matches now