NEW DELHI: Popular grocery app BigBasket has been hacked. Personal data of over 2 crore users is sold on the dark web for over $40,000 which translates to around Rs 30 lakh. As per a report by Cyble, a firm that tracks data breaches, its research team was able to find Big Basket database for sale on the dark web.

“The leak contains a database portion; with the table name ‘member_member’. The size of the SQL file is ~ 15 GB, containing close to 20 Million user data. More specifically, this includes full names, email IDs, password hashes (potentially hashed OTPs), pin, contact numbers (mobile + phone), full addresses, date of birth, location, and IP addresses of login among many others,” claims the company.

Cyble informed the management team of BigBasket about the leak and later BigBasket confirmed the breach. In a statement to news agency PTI, the company said, “A few days ago, we learnt about a potential data breach at Bigbasket and are evaluating the extent of the breach and authenticity of the claim in consultation with cybersecurity experts and finding immediate ways to contain it. We have also lodged a complaint with the Cyber Crime Cell in Bengaluru and intend to pursue this vigorously to bring the culprits to book.”

BigBasket confirms that financial data of users is safe, but here’s what you should do to stay protected

If you use BigBasket to order groceries then here are a few common things you may want to do as a precautionary measure:

-Change the passwords of all internet banking accounts that you may use to order from the app.
– Change PINs of UPI apps you have used to order from the app.
-If you are using the same password or PINs for your email ID and other services that you have already used then change all the passwords. Make sure you use separate passwords for each service or app.
-Download or update the Bigbasket app from the official Play Store or Apple App Store only. Do not believe any message that claims you need to update your app from another source.

Be prepared for phishing, identity thefts, customer care and other scams

BigBasket’s stolen database includes names, email IDs, password hashes (potentially hashed OTPs), pin, contact numbers (mobile + phone), full addresses, date of birth and location. With this data, you can expect to be a target of phishing attacks or other related scams. Also, remember that this data could be used by scammers in a different way to target you. Having said that you may not be subjected to financial frauds directly but you will have to be careful about these types of scams:

Phishing attacks: The amount of personal information that has been leaked, it is very easy for anyone to create a personalised ‘BigBasket offer’ for you to send phishing emails, messages . Do not open or click on any link that you may get on SMS, WhatsApp or email. It is quite common for attackers to buy leaked databases and create personalised scam messages.

Customer care scams: If you get calls from a so-called customer care executive from any company or bank that claims to fix an issue with your order or talks about some credit card offers simply do not entertain such calls. With the amount of personal data the scammers have it is very easy for them to manipulate you into a bigger scam.

Read More…