A data breach occurred recently at the e-commerce sites Flipkart and BigBasket. According to reports, BigBasket's latest data breach revealed the personal information of some Flipkart customers as well. Seven months after it was first discovered, the matter has resurfaced.
According to an independent cybersecurity expert, an allegedly leaked database may lead to unauthorized transactions from the accounts of Flipkart customers who also used the grocery platform BigBasket with the same user ID and password.
In November, BigBasket was involved in a major data breach that exposed the personal information of over 2 crore users.
Some users who shared the same credentials for Flipkart and BigBasket have complained that their accounts have been compromised as a result of the leak. As of now, this is affecting only Flipkart users.
Cybercriminals are selling sets of customer email addresses and passwords from allegedly leaked BigBasket databases that match accounts at the e-commerce companies Flipkart and Amazon, according to expert Rajashekhar Rajaharia. However, he said Amazon sends an OTP for login when there is a change in the browser.
'It seems, some people are selling Bigbasket Email: Password combinations as Flipkart data. People are using the same password for all websites. Almost all emails are matching with Bigbasket DB (database). Change your Flipkart Passwords asap,' Rajaharia tweeted.
He also mentioned that Flipkart's accounts should be secured, and posted account details being sold on Telegram.
'Anyone with a combination of leaked email and password can easily log in from anywhere including VPN/TOR to Flipkart. Please mandatory 2FA (two-factor authentication) for all accounts,' Rajaharia said.
When contacted, a Flipkart spokesperson said that the company is absolutely dedicated to ensuring the safety and protection of customer data and that the company has "robust information security systems and controls in place."
A Flipkart spokesperson told Inc42 in response to the data breach, “In addition, we run awareness campaigns through different media and social networks to raise awareness about fraudulent activities, educating consumers on best practices for a secure online experience and keeping their accounts safe from unscrupulous cyber elements.”