BigBasket Data Breach

manu1991 · Apr 26, 2021

Edited

Heyman · Apr 26, 2021

Just received email from Firefox monitor about data breach of my Big Basket account, what steps should I take next, I have already mailed them regarding account deletion.

manu1991 · Apr 26, 2021

If your payment details weren't saved there and you didn't reuse that password at other sites, nothing else you can do.

Unless you are open to changing your name

SVK · Apr 26, 2021

Got email from Firefox.
Email which is compromised is secondary which I use for e-comm website. Not sure if I had password as login happened by OTP always.
What about Address?

Heyman · Apr 26, 2021

Got this reply from the customer support regarding account deletion request

Jay · Apr 27, 2021

manu1991 said:
If your payment details weren't saved there and you didn't reuse that password at other sites, nothing else you can do.

Unless you are open to changing your name

Nowadays I don't give my real name out except for financial and govt related apps and services - banks, cards income tax portal etc. Most often it'll be something random or for apps that needs my name to provide me services or to communicate, it'll either be an intial or something like "Jay"

Of course this does not help much when they leak your address and GPS coordinates as well in a data breach, but feels a little less violated.

Jay · Apr 27, 2021

SVK said:
Got email from Firefox.
Email which is compromised is secondary which I use for e-comm website. Not sure if I had password as login happened by OTP always.
What about Address?

No they implemented it only recently. The cracked passwords from the breach are being circulated widely now. Complete addresses are visible. Phone numbers too.

Jay · Apr 27, 2021

manu1991 said:
media

I'd remove the email from public, anyone can look up the details now.

Jay · Apr 27, 2021

Heyman said:
Got this reply from the customer support regarding account deletion request

lol due to "security reasons"

Jonas · Apr 27, 2021

The interesting thing is if I use incorrect first and last name, the transactions will go through at least in case of Credit Cards.

Jay · Apr 27, 2021

debit cards as well. I doubt most Indian payment gateways implement any sort of name verification. When they ask for "name on card", I just fill in the name that is on the card - "hdfc", "one", "icici" etc and it goes through.

Jonas · Apr 27, 2021

This is a shame considering how many financial scams happen in India, every day. If I am not wrong, payment gateways can enforce this kind of verification. Gateway can force name and address verification in order to approve the transactions.

Heyman · Apr 27, 2021

Only concern for me is about my address and mobile number as these things can't be changed easily. They deactivated my account but it doesn't help regarding the data leak.

Tejas01 · Apr 28, 2021

Got an email from FF monitor stating I have been pawned at bigbasket.
Just don't know what to do now.

unAadhaarit · Apr 28, 2021

try this have i been pwned?
What steps should you take when your email has been pwned?
What to do if you've been pwned

BigBasket Data Breach

manu1991

Ancient Philospher

Heyman

manu1991

Ancient Philospher

SVK

twitter.com/svknet

Heyman

Jay

Jay

Jay

Jay

Jonas

Jay

Jonas

Heyman

Tejas01

Dream big in life.

unAadhaarit

Similar threads