ShellCodeX Breach Report
bigbasket Data Breach
bigbasket.com
Verified breach
Passwords exposed
Accounts exposed
24,500,011
Breach date
14 Oct 2020
Added to tracker
26 Apr 2021
Data classes
7
What happened
In October 2020, the Indian grocery platform bigbasket suffered a data breach that exposed over 20 million customer records. The data was originally sold before being leaked publicly in April the following year and included email, IP and physical addresses, names, phones numbers, dates of birth passwords stored as Django(SHA-1) hashes.
Exposed data
Dates of birth
Email addresses
IP addresses
Names
Passwords
Phone numbers
Physical addresses
Recommended actions
- Change your bigbasket password immediately, and update it anywhere you reused the same password.
- Enable two-factor authentication on the affected account and on your critical services (email, banking).
- Watch for targeted phishing emails referencing bigbasket โ attackers weaponise breach data quickly.
- Stay alert for smishing (SMS phishing) and SIM-swap attempts using your phone number.
- Exposed identity data raises identity-theft risk โ consider credit monitoring or a credit freeze.
Am I affected?
Check whether your email address appears in this breach.
Check on HIBP