fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

Hacker Leaks 20 Million Alleged BigBasket User Records For Free

Hacker Leaks 20 Million Alleged BigBasket User Records For Free

A threat actor has leaked approximately 20 million BigBasket user records containing personal information and hashed passwords on a popular hacking forum.

BigBasket is a popular Indian online grocery delivery service that allows people to shop online for food and deliver it to their homes.

This morning, a well-known seller of data breaches known as ShinyHunters posted a database for free on a hacker forum that he claims was stolen from BigBasket.

BigBasket database leaked for free
BigBasket database leaked for free

In November 2020, BigBasket confirmed to Bloomberg News that they had suffered a data breach after ShinyHunter had previously tried to sell the stolen data in private sales.

“There’s been a data breach and we’ve filed a case with the cybercrime police,” BigBasket CEO  Hari Menon told Bloomberg News. “The investigators have asked us not to reveal any details as it might hamper the probe.”

As is typical for older breaches privately sold by ShinyHunters, the threat actor has now released the whole database for free, which reportedly contains more than 20 million user records.

Also Read: Practitioner Certificate In Personal Data Protection: Everything You Need To Know

The database includes BigBasket customer information, including email addresses, SHA1 hashed passwords, addresses, phone numbers, and other assorted information.

Sample of records in the database
Sample of records in the database

The passwords are hashed using the SHA1 algorithm, and forum members have claimed to crack 2 million of the listed passwords already. Another member claims that 700k of the customers used the password ‘password’ for their accounts.

In the past, ShinyHunters has been responsible for or involved in other data breaches, including TokopediaTeeSpringMintedChatbooksDavePromoMathwayWattpad, and many more.

What should BigBasket customers do now?

As BleepingComputer has confirmed that some of the records are accurate, including information specific to the BigBasket service, customers should play it safe and assume that their customer info has been leaked as well.

It is strongly suggested that all BigBasket users immediately change their passwords on BigBasket and at any other sites using the same password.

Also Read: The DNC Singapore: Looking At 2 Sides Better

A password manager is recommended to help you manage the unique passwords you use at different sites.

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us