A well-known illicit forum is now hosting personal details of 20 million BigBasket users. The data was stolen last year in November after the grocery delivery platform was hacked.
A group calling themselves 'ShinyHunters' published the massive database on the forum over the weekend and it is available for anyone to download and use. Some users on the forum have even claimed that have managed to decode hashed passwords and have put them up for sale separately.
BigBasket filed a police complaint with the Bengaluru Cyber Crime Cell last year to verify cyber intelligence group Cyble's claims that the company had suffered a massive breach.
Cyble alleged that the data was for sale on the dark web for Rs. 30 lakh. In a blog published by the cyber intelligence group, they claimed that they had found a database of BigBasket customer details on sale for over $40,000. They also added that data included names, email IDs, password hashes, contact numbers, addresses, date of birth, location, and even IP addresses of the users affected. The breach occurred on October 30, 2020.
BigBasket has only made a single statement on the breach stating that they were working "with the Cyber Crime Cell in Bengaluru and intend to pursue this vigorously to bring the culprits to book."
