- BigBasket acknowledged the massive user data breach in November last year.
- The same user data is now being made available on the dark web for a fee.
- The data breach includes personal information of the users including their email IDS, phone numbers, addresses and more.
Yet another user database has been leaked to the dark web and this time the victim is the popular online grocery delivery platform BigBasket. The massive data leak is said to comprise the data of 20 million BigBasket users, including their email ID, home address, phone number, IP address and more such personal data.
The data leak from the company servers was first acknowledged by the service back in November last year. The hacker behind the leak has now published the user data on a cybercrime forum and has made it available for anyone to download.
The hacking group reported to be responsible for the data leak is known by the name ShinyHunters. As per threat intelligence SaaS provider Cyble, the cyber group has been active since 2015 and has been leaking such user databases on the dark web for long. The group has leaked a combined total of 73.2 million user records from over 11 different companies to date.
Cyble was the first to point out the BigBasket data breach back in October last year. The cybersecurity firm informed BigBasket of the same in the month to follow, to which the company acknowledged a data breach at the time. Cyble says that the data was put up for sale on the dark web for as much as $40,000.
Users of the service have been receiving notifications of a potential data leak from portals like ' have I been pwned' and ' am I breached'. The online services tell people if their data has been a part of a data breach in the past. All they require is the user ID to find out all the incidents in which data pertaining to the ID has been leaked before.
Such tech-enabled services have been the victims of such massive data leaks in the past. Most recently, Dominos had allegedly been hit by such a data breach, with the credit card details of allegedly 1 million users having been compromised at the time. Popular social media platforms like Facebook and LinkedIn have also been the targets of such attacks.