BigBasket

In October 2020 the Indian online grocery platform BigBasket suffered a major data breach involving over 20 million customer records. The incident occurred when an unauthorized third party gained access to the database and initially put the sensitive information up for sale on dark web marketplaces for approximately 40000 USD. By April 2021 the entire dataset was leaked publicly for free. The compromised information included personal details such as full names email addresses phone numbers physical addresses dates of birth and hashed passwords using the Django SHA1 algorithm. IP addresses and account creation dates were also part of the exposed data set. The company acknowledged the breach and took steps to evaluate the extent of the impact while working with cybersecurity experts and law enforcement agencies.