‘Big Basket’ Online Supermarket Breached and Data Leaked

Published on November 7, 2020
Written by:
Bill Toulas
Bill Toulas
Cybersecurity Journalist

India’s largest online supermarket platform, ‘Big Basket,’ has suffered a data breach that appears to have occurred on October 14, 2020. The company hasn’t realized the security incident or chose to keep it a secret, hoping that nobody would notice, but the first samples of this data are already leaking on the dark web, so the event has now come to light.

Big Basket is a $2-billion giant, providing its online shopping services to people in Bangalore, Hyderabad, Mumbai, Pune, Chennai, Delhi, Noida, Mysore, Coimbatore, Vijayawada-Guntur, Kolkata, Ahmedabad-Gandhinagar, Lucknow-Kanpur, Gurgaon, Vadodara, Visakhapatnam, Surat, Nagpur, Patna, Indore, and Chandigarh Tricity city. Thus, almost the entire country of India is covered by Big Basket services.

Related: E-Commerce Firm ‘Lazada’ Breached by Hackers and User Data Accessed

Cyble’s researchers have located a newly posted data sale that involves a database belonging to Big Basket. The price that was set by the crooks is $40,000, and the size of the SQL file is about 15 GB. In there, one can find the details of roughly 20 million customers of the online supermarket, including the following:

Source: Cyble

Fortunately, payment details haven’t been exposed, but it’s not that the rest of what was compromised is not that important. The above details open the way to scamming, spamming, phishing, credential stuffing, and even identity theft actors. Even though the passwords were hashed, customers of Big Basket should reset their password on any place they may be using it.

Especially during these rough times of the Coronavirus situation, people turned to remote shopping solutions like the one offered by Big Basket, trusting the platform with their personal details. Cyble has added the data of the pack on its breach monitoring and notification system, so you may use its “AmIBreached” tool to check if you’re included.

If you happen to receive any emails or SMS making weird claims and asking you to give away more information or money, delete them immediately and block the number. Next time you want to buy stuff online, prefer an anonymous email address and a fake name if that’s possible. Always share the least possible valid information you need to, and when incidents like this one happen, your troubles will be minimal.



For a better user experience we recommend using a more modern browser. We support the latest version of the following browsers: For a better user experience we recommend using the latest version of the following browsers: