BigBasket Data Allegedly Leaked on Dark Web, Database Claimed to Include Details of Over 20 Million Users

BigBasket confirmed a data breach in November last year that is said to be associated with the latest leak.

Advertisement
By Jagmeet Singh | Updated: 26 April 2021 18:59 IST
Highlights
  • BigBasket’s alleged database included personal details of affected users
  • The database has been leaked by a hacker known as ShinyHunters
  • BigBasket has not yet confirmed the leak or informed its customers

BigBasket is one of most popular grocery delivery companies in India

BigBasket database of over 20 million customers has allegedly been leaked on the dark Web, months after the online grocery delivery platform confirmed a data breach. The alleged database includes the email addresses, phone numbers, and hashed passwords of the affected customers. The data also allegedly carries physical addresses and date of birth of BigBasket users. Although the database that is available for free access on the dark Web includes user passwords in an encrypted form, another hacker has claimed to have decrypted some of the leaked passwords.

The alleged BigBasket database has been put on the dark Web by a hacker group infamously known as ShinyHunters. It includes details such as the email addresses, names, date of birth, and phone numbers.

Advertisement

 

Cyber-security researcher Rajshekhar Rajaharia told Gadgets 360 that the leaked database is associated with the breach that BigBasket itself confirmed in November last year.

Update April 26, 6.56pm: BigBasket has responded to Gadgets 360 to confirm that this is indeed the November leak, and the company also highlighted that it has made changes to its systems to eliminate all hashed passwords, moving to an OTP-based mechanism instead, as a security measure. BigBasket's full statement is included at the end of this article.

“A few days ago, we learnt about a potential data breach at BigBasket and are evaluating the extent of the breach and authenticity of the claim in consultation with cybersecurity experts and finding immediate ways to contain it,” the company had said while confirming the data breach that was made public by cybersecurity intelligence firm Cyble.

Advertisement

ShinyHunters made the alleged BigBasket database available for download on the dark Web over the weekend. It included hashed passwords of the affected customers. However, some passwords in plain text are now also put on sale on the dark Web.

“Another hacker is claiming to have decrypted millions of passwords associated with BigBasket,” said Rajaharia. “This could lead to a serious problem for the affected customers as bad actors would gain access to their personal Web accounts using the decrypted passwords and leaked email addresses.”

Advertisement

Meanwhile, the website Have I Been Pwned? — that informs users on whether their data has been compromised by any recent breaches — has sent an email to notify some affected customers about the data leak.

Founded in 2011, BigBasket is backed by China's Alibaba and is one of the leading platforms for delivering groceries online. The pandemic helped the company expand its business and even attract conglomerate Tata Group that in February agreed to acquire a majority stake in the company.

Advertisement

Update: Full statement from BigBasket:

This article / social media post refers to an alleged data breach in Nov-2020 and not something that has happened recently. The reason we know it's not recent is that the article /social media post mentions the release of hashed passwords. We had eliminated all hashed passwords from our system and moved to a secure OTP-based authentication mechanism quite some time back. Also, our site does not collect or store any sensitive personal data of customers like credit card details. So customer data continues to be safe and no further action needs to be taken by customers.


Why did LG give up on its smartphone business? We discussed this on Orbital, the Gadgets 360 podcast. Later (starting at 22:00), we talk about the new co-op RPG shooter Outriders. Orbital is available on Apple Podcasts, Google Podcasts, Spotify, and wherever you get your podcasts.

Affiliate links may be automatically generated - see our ethics statement for details.
 

Get your daily dose of tech news, reviews, and insights, in under 80 characters on Gadgets 360 Turbo. Connect with fellow tech lovers on our Forum. Follow us on X, Facebook, WhatsApp, Threads and Google News for instant updates. Catch all the action on our YouTube channel.

Advertisement
Popular Mobile Brands
  1. Everything We Know About the Nothing Phone 4b
  2. iPhone Air 2 Could Address Biggest Complaint of Apple's First-Gen Model
  3. Samsung Galaxy F70 Pro Bluetooth SIG Listing Hints at Imminent Launch
  4. Moto G77 Power Listing Confirms Key Specifications Before July 8 Debut
  5. Vivo Y500 4G Makes Global Debut With an 8,100mAh Battery: See Price
  1. Bitcoin Trades Near Two-Week High as Crypto Investor Sentiment Improves
  2. iOS 27 System Prompt Reportedly Hints at Apple’s New Smart Wearable With Two Cameras
  3. Xiaomi Civi Series Discontinued With No Next-Generation Model Planned, Claims Tipster
  4. Apple’s Foldable iPhone to Hit Shelves Later Than Anticipated Due to ‘Manufacturing Challenges’, Analyst Claims
  5. Samsung Galaxy F70 Pro Bluetooth SIG Listing Suggests Its Launch Might Be Right Around the Corner
  6. iPhone Air 2 Design Leaked in New Renders That Point to Dual 48-Megapixel Cameras
  7. Vivo X300e Key Specifications Leaked; Snapdragon 8 Gen 5, 50-Megapixel Zeiss Camera Tipped
  8. Vivo Y500 4G Launched With 8,100mAh Battery, 50-Megapixel Rear Camera: Price, Specifications
  9. Moto G77 Power Listed on Company's Website With Key Specifications Before July 8 Debut
  10. Samsung Galaxy Z Fold 8, Galaxy Fold 8 Ultra, Galaxy Flip 8, Watch 9 Prices Leaked Online Ahead of Launch
Download Our Apps
Available in Hindi
© Copyright Red Pixels Ventures Limited 2026. All rights reserved.