Grocery app BigBasket hacked, data of 2 crore users leaked; What you should do to stay safe – Times of India

NEW DELHI: Popular grocery app BigBasket has been hacked. Personal data of over 2 crore users is being sold on the dark web for over $40,000, which translates to around Rs 30 lakh. Cyble, a firm that tracks data breaches, reported that its research team was able to find the BigBasket database for sale on the dark web.
“The leak contains a database portion; with the table name ‘member_member’. The size of the SQL file is ~ 15 GB, containing close to 20 Million user data. More specifically, this includes full names, email IDs, password hashes (potentially hashed OTPs), pin, contact numbers (mobile + phone), full addresses, date of birth, location, and IP addresses of login among many others,” said the company.
Cyble informed the management team of BigBasket about the leak and later BigBasket confirmed the breach. In a statement to news agency PTI, the company said, “A few days ago, we learnt about a potential data breach at Bigbasket and are evaluating the extent of the breach and authenticity of the claim in consultation with cybersecurity experts and finding immediate ways to contain it. We have also lodged a complaint with the Cyber Crime Cell in Bengaluru and intend to pursue this vigorously to bring the culprits to book.”
BigBasket confirms that financial data of users is safe but here’s what you should do to stay protected
If you use BigBasket to order groceries then here are a few common things you may want to do as a precautionary measure.
- Change the passwords of all internet banking accounts that you may use to order from the app.
- Change the PINs of UPI apps you have used to order from the app.
- If you use the same password or PIN for your email ID and other services, change all of those passwords. Make sure you use a separate password for each service or app.
- Download or update the BigBasket app from the official Play Store or Apple App Store only. Do not believe any message that claims you need to update your app from another source.
Be prepared for phishing, identity thefts, customer care and other scams
BigBasket’s stolen database includes names, email IDs, password hashes (potentially hashed OTPs), pin, contact numbers (mobile + phone), full addresses, date of birth and location. With this data, you can expect to be a target of phishing attacks or other related scams. Also remember that scammers could use this data in other ways to target you. With this data alone you may not be subject to financial fraud, but you will have to be careful about these types of scams:
Phishing attacks: With the amount of personal information that has been leaked, it is very easy for anyone to create a personalised ‘BigBasket offer’ for you and send it as a phishing email or message. Do not open or click on any link that you may get on SMS, WhatsApp or email. It is quite common for attackers to buy leaked databases and create personalised scam messages.
Customer care scams: If you get calls from a so-called customer care executive from any company or bank who claims to fix an issue with your order or talks about some credit card offers, simply do not entertain such calls. With the amount of personal data the scammers have, it is very easy for them to manipulate you into a bigger scam.
Do not accept unknown packages: New types of scams include a person, pretending to be a delivery executive, knocking at your door with a random package and forcing you to pay money for it. This is the typical cash-on-delivery scam, in which the scammer manipulates and harasses you to pay for something that you haven’t ordered.
Do not provide OTPs to anyone: If you get any calls or messages that ask for an OTP that you have received on your phone number, simply know that it’s a scam. Never reveal any OTP to anyone apart from the service you have to use it for.



Sagar Biswas
