Months after online grocery delivery platform BigBasket confirmed a data breach, a database of over 20 million customers has now reportedly been put on the dark web. This database includes email addresses, phone numbers and hidden passwords of affected customers. The data purportedly also includes the delivery addresses saved by the customers and the date of birth of BigBasket users. This database, available for free on the dark web, also contains hidden (encrypted) passwords of users. However, another hacker claimed to have decrypted some of this leaked encrypted password.

BigBasket’s database has reportedly been listed on the dark web. This work has been done by a hacking group named ShinyHunters. The database, which is listed online, contains important information such as email addresses, names, dates of birth and phone numbers of users.

Cyber-security researcher Rajshekhar Rajaharia told Gadgets 360 that the leaked database is linked to a breach that BigBasket itself confirmed in November last year.

ShinyHunters made the alleged BigBasket database available for download on the dark web over the past weekend. This includes the hashed passwords of the affected customers. However, it is reported that some passwords in plain text have now been put to sell on the dark web.

Meanwhile, the website “Have I Been Pwned?” providing users with information about the leak of their data? has also sent emails informing some of the affected users about the data leak.

You can check whether your information is in this database or not, through Have i Been Pwned. You have to enter your email id or mobile number registered with BigBasket inside the box on home and click on ‘pwned’ button. This website will display the details of all agreements entered into with the e-mail address you entered.