- Total Records21,435,552
- Unique Emails24,601,985
- Unique Email Providers124,132
- Unique IP Addresses8,256,239
- Unique First Names9,968,705
- Unique Addresses22,606,372
BigBasket Data Breach: What Happened in October 2020?
In October 2020, BigBasket, a major Indian online grocery provider, suffered a sizable data breach that affected over 21 million users. This incident led to the exposure of a wide range of sensitive customer data, including names, physical addresses, email addresses, phone numbers, dates of birth, IP addresses, and hashed passwords. The stolen information was first put up for sale on dark web platforms and then later released publicly in April 2021, raising serious concerns among customers of the rapidly growing e-commerce platform.
Scope and Nature of the Breach
The breach impacted a total of 21,435,553 customer records. Attackers accessed various fields, such as full names, email addresses, hashed passwords (SHA-1 via Django), complete birth dates, IP addresses, street and city addresses, postal codes, locality details, and phone numbers. This combination of data presented a comprehensive snapshot of individual customers, making the breach especially significant in terms of privacy exposure.
Timeline of Events
The initial unauthorized access occurred around October 1, 2020. In the following months, those responsible for the breach put the data up for sale on dark web forums. The compromised customer database lingered in underground markets until, in April 2021, the dataset was publicly leaked—making it widely accessible to malicious actors and data brokers. The staggered timeline from initial breach to public leak made the impact longer-lasting for affected users.
What Data Was Exposed?
Information exposed in the BigBasket breach included:
- Email addresses
- Full names (first and last)
- Hashed account passwords (Django SHA-1)
- Full date of birth
- Phone numbers
- Home addresses (street, city, locality, ZIP code)
- IP addresses
The broad nature of this personal data leak raised concerns around user privacy and potential misuse of such detailed information.
How Many BigBasket Users Were Affected?
Over 21 million BigBasket customers were impacted, with each record containing a significant amount of identifiable information. This made it one of the more substantial breaches involving an Indian technology company to date.
Was the Data Sold or Leaked?
Shortly after the breach was detected, the stolen BigBasket database was offered for sale in underground cyber markets. Several months later, in April 2021, the same data became available through public leaks, increasing potential risks for anyone whose data was involved.
FAQ
How many users were affected in the BigBasket 2020 breach?
The October 2020 BigBasket breach affected over 21 million users, with 21,435,553 records compromised.
What information was leaked in the BigBasket data breach?
The leak included email addresses, hashed passwords, names, full birth dates, addresses, phone numbers, and IP addresses of customers.
When did the BigBasket breach happen?
The breach occurred in October 2020, with the data first sold on dark web forums and then publicly leaked in April 2021.
Was my home address exposed in the BigBasket breach?
Yes, the breach contained physical addresses—street, city, locality, and ZIP code—along with other personal data like names and phone numbers.
How can I check if I'm in the BigBasket breach?
You can check if your information was part of the BigBasket breach by utilizing the DeHashed search engine.