- E-commerce platforms Flipkart and BigBasket were recently embroiled in a data leak.
- BigBasket’s recent data leak has exposed the data of some Flipkart users as well.
- Following the leak, some users who had the same credentials for Flipkart and BigBasket have complained that their accounts are being hacked.
E-commerce platforms Flipkart and BigBasket were recently embroiled in a data leak. It is being reported that BigBasket's recent data leak has exposed the data of some Flipkart users as well. The matter has resurfaced seven months after it was first discovered. BigBasket was involved in a massive data breach in November which had comprised personal data of around 2 crore users. Many months later the data was put on sale online.
Following the leak, some users who had the same credentials for Flipkart and BigBasket have complained that their accounts are being hacked. This is only happening to Flipkart users as of now. One of the users named Satish Medapati posted on Twitter that his Flipkart account details including his name, password were changed. He also told Inc42 that he had received OTPs for orders that he had not placed. "About 17 orders were placed. Reward coins were used and there were attempts to buy through my saved credit cards on Flipkart. About 30+ OTPs on various issues came from Flipkart," he told the publication.
Another user named Laximkant Pawar claimed that his Flipkart account has been hacked and the hacker has used his 966 super coins to purchase a Dominos voucher worth Rs 1000. Security expert Rajashekhar Rajaharia has found a link between Flipkart and BigBasket. He has discovered that cybercriminals were selling the email addresses of customers from the BigBasket database that match with Flipkart and Amazon. But no cases of Amazon users have been reported till now because the company sends OTP for login.
"It seems, some people are selling Bigbasket Email: Password combinations as Flipkart data. People are using the same password for all websites. Almost all emails are matching with Bigbasket DB (database). Change your Flipkart Passwords asap," Rajaharia tweeted.
Rajaharia advised Flipkart to secure the users' accounts. "Anyone with a combination of leaked email and password can easily login from anywhere including VPN/TOR to Flipkart. Please mandatory 2FA ( two-factor authentication) for all accounts," he said. The cyber experts had also advised users to change their email IDs and passwords to safeguard their accounts from getting hacked.
Responding to the data breach, Flipkart spokesperson told Inc42, "The Flipkart Group is absolutely focused on maintaining the safety and security of our customer data and have robust information security systems and controls in place to safeguard data. In parallel, to create awareness on fraudulent activities we drive awareness campaigns across various media and social channels, educating customers on best practices for a safe online experience and to keep their accounts safe from unscrupulous cyber elements."