Cybercriminals are selling sets of email addresses and passwords of customers from allegedly leaked databases of BigBasket that fit with accounts of e-commerce firms Flipkart and Amazon, according to cybersecurity expert Rajashekhar Rajaharia. He said that an alleged leaked database can lead to unauthorised transactions from accounts of Flipkart customers who also used grocery platform BigBasket with the same user ID and passwords.
On Telegram, he also posted account information for sale. He did say, however, that when the browser is changed by the user, Amazon sends an OTP for login.
Commenting on the development, Rajaharia tweeted, “It seems, some people are selling Bigbasket Email:Password combinations as Flipkart data. People are using the same password for all websites. Almost all emails are matching with Bigbasket DB (database). Change your Flipkart Passwords asap,”
He also added that Flipkart should secure its online accounts of the users.
Rajaharia said “Anyone with a combination of leaked email and password can easily login from anywhere including VPN/TOR to Flipkart. Please mandatory 2FA ( two-factor authentication) for all accounts,”
On Telegram, he also posted account details for sale.