BigBasket

BigBasket is an Indian online grocery service headquartered in India. The platform enables customers to purchase a variety of grocery and household items through its website or mobile application. It operates as an e‑commerce grocery retailer serving consumers across the country. The service focuses on delivering fresh produce, packaged foods, and other daily essentials directly to customers’ doorsteps. Its core business model relies on online order placement and last‑mile delivery logistics.

In October 2020, a security researcher discovered a database containing approximately 20 million BigBasket user records being offered for sale on the dark web for over $40,000. The exposed data included names, email addresses, SHA1‑hashed passwords, phone numbers, physical addresses, dates of birth and login IP addresses. A subsequent leak in November 2020 by the threat actor group ShinyHunters made the same dataset publicly available on a hacking forum. Investigations revealed weak security practices, with over two million of the hashed passwords reportedly cracked, including 700,000 instances of the password “password”. The incidents highlighted vulnerabilities in credential storage and prompted the company to launch internal investigations and file a police complaint. The breaches increased the risk of fraud and identity theft for affected users, particularly during the heightened reliance on online shopping amid the pandemic.