ShellCodeX
Tools โ€ข Events โ€ข News โ€ข Insights
ShellCodeX Breach Report

bigbasket Data Breach

bigbasket.com
Major exposure
Verified breach Passwords exposed
Accounts exposed 24,500,011
Breach date 14 Oct 2020
Added to tracker 26 Apr 2021
Data classes 7

What happened

In October 2020, the Indian grocery platform bigbasket suffered a data breach that exposed over 20 million customer records. The data was originally sold before being leaked publicly in April the following year and included email, IP and physical addresses, names, phones numbers, dates of birth passwords stored as Django(SHA-1) hashes.

Exposed data

Dates of birth Email addresses IP addresses Names Passwords Phone numbers Physical addresses

Recommended actions

  • Change your bigbasket password immediately, and update it anywhere you reused the same password.
  • Enable two-factor authentication on the affected account and on your critical services (email, banking).
  • Watch for targeted phishing emails referencing bigbasket โ€” attackers weaponise breach data quickly.
  • Stay alert for smishing (SMS phishing) and SIM-swap attempts using your phone number.
  • Exposed identity data raises identity-theft risk โ€” consider credit monitoring or a credit freeze.
Am I affected? Check whether your email address appears in this breach.
Check on HIBP