A very well known grocery app BigBasket has been hacked. Personal data of over 2 crore customers is sold on the darkish internet for over $40,000 which is equal to approx. 30 lakh rupees. As per the report by Cyble, a firm which tracks data breaches, its research team was capable of finding a Massive Basket database for sale on the darkish internet.
As claimed by Company “The leak contains a database portion; with the table name ‘member_member’. The size of the SQL file is ~ 15 GB, containing close to 20 Million user data. More specifically, this includes full names, email IDs, password hashes (potentially hashed OTPs), pin, contact numbers (cell + cell phone), full addresses, date of start, location and IP addresses of login among many others.”
Cyble informed administration staff of BigBasket regarding the leak and later BigBasket confirmed the breach. In a statement to information company PTI, the company stated, “A few days ago, we learnt about a potential data breach at Bigbasket and are evaluating the extent of the breach and authenticity of the claim in consultation with cybersecurity specialists and finding immediate ways to contain it. We have also lodged a complaint with the Cyber Crime Cell in Bengaluru and intend to pursue this vigorously to bring the culprits to book.”
BigBasket assures that financial information of customers is secure, but here is all what you should do to stay protected.
Here are some common things you may want to do as a precautionary measures if you are using BigBasket:
-Change the password of all net banking accounts which you might use to order from the app.
-Change PIN of all the UPI apps which you have used while ordering through the app.
-If you have the same passwords or PIN for your email ID and other services which you have used already then change all the passwords. Ensure to have different passwords for each service or app.
-Whenever you download or update a BigBasket app, use the official Play Store or Apple App store only. Do not trust any messages popping up for downloading or upgrading the app.
Keep yourself prepared for defrauding activities, identity thefts, customer care and other scams
BigBasket’s stolen database comprises names, email IDs, password hashes (probably hashed OTPs), pin, contact numbers (mobile + phone), full addresses, date of birth and location. With this personal information, you can expect to be a target of phishing attacks or any other related scams. Always remember that scammers can use these data in a different way to target an individual. You should be careful about such scams:
Defrauding activities: It is very easy for anyone to create a personalised BigBasket offer on the basis of the quantity of personal information which is leaked. They can send you phishing emails or messages but do not open or click on any link which you may have received via WhatsApp, Email or SMS.
Customer Care scams: Do not entertain any calls which ensures you that they are from customer care and will help you to fix your bugs related to your orders or if they are referring to any credit card offers. It is the easiest way for a scammer to drag you into a bigger scam than expected.
Do not accept unfamiliar packages: These are some recent scam we got to know which includes a person and he pretends to be a delivery person and forcefully gives you any random package and asks you to pay money for the same. This is a typical cash on delivery scam in which they force and harass an individual to accept the package and pay for something which you have not ordered for.
Do not share your OTP to anyone: Never share the OTP received on your mobile with anyone. If you get any call to share the OTP delivered on your mobile via SMS or Email, simply do not disclose it since it can be a scam apart from the service you have to use it for.