BigBasket Data Breach

  • Thread starter: Jonas
  • Replies: 32
  • Views: 3,505
Why don't these desi cos use Google and Facebook authentication?
My password has been leaked so many times by these stupid Indian startups.
Not their cup of tea to secure the systems.
 
Cyble has claimed that personal information of as many as 20 million users, such as full names, email IDs, password hashes (potentially hashed OTPs), PIN, contact numbers (mobile and phone), full addresses, date of birth, location, and IP addresses of where users have logged in from, has been put up for sale on the dark web for $40,000.

 
Damn, the only time I ever bought something from BigBasket, I chose COD.


Speaking of passwords, does BigBasket require passwords for login? I thought they use phone number based OTPs🤔


Edit: Never mind, they do use passwords but I had forgotten mine🥴
 
Why don't these desi cos use Google and Facebook authentication?
Do you know the Google account authentication for some service you are signing into has a big risk? If a service which is using Google as a sign-in authentication gets breached, chances are they can gain direct access to your account without a password. Think twice before clicking "Sign-in with Google". Maybe you can keep a separate Google account for that. But you still end up signing up for some important services which reveal your personal data.
Manually sign in to a website by giving an email ID, keep a password manager for less important websites, and keep a random password for each website. In case a website you are using also gets breached, they are only left with a random password and your email.
The same password often leads to hackers writing a script wherein it will check the same password with all banking and popular data-sensitive websites.
 
Actually you are totally incorrect. When using Google authentication, Google doesn't provide your account access to the third party requesting the access. They only provide authenticated email and other data that is requested.
 
Like other platforms such as Twitter and Facebook, it gives access to the data you give consent to. Most third-party email clients are now using Google Authentication for connecting to a Gmail account instead of asking for actual Gmail credentials, because no one would want to give it to them. And they need constant access to your Gmail account to let you manage your mail. So, it depends upon the user on how he allows third-party apps to access his account. If a service like BigBasket is asking for more than just email address and other basic details for account creation, it's best not to give approval.

[Image: NRGBIbo.webp]


Now this app can surely fuck up my Gmail account. But it cannot do anything with other Google components on my account.
 
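The last post's point, that a third party only receives the scopes the user consents to, can be checked before approving a request. This added example (not part of the original thread) parses an OAuth 2.0 authorization URL and separates identity-only scopes from scopes that grant access to account data. Both URLs, the client ID and the redirect hosts are constructed samples.

```python
from urllib.parse import urlparse, parse_qs

# Scopes that reveal only identity, which is all a plain sign-in needs.
IDENTITY_SCOPES = {
    "openid", "email", "profile",
    "https://www.googleapis.com/auth/userinfo.email",
    "https://www.googleapis.com/auth/userinfo.profile",
}
# Prefixes of Google scopes that grant access to account data such as mail.
DATA_SCOPE_PREFIXES = ("https://mail.google.com/",
                       "https://www.googleapis.com/auth/")

# Constructed sample requests (placeholder client ID and redirect hosts).
BASE = ("https://accounts.google.com/o/oauth2/v2/auth"
        "?client_id=EXAMPLE_CLIENT_ID&response_type=code")
SIGN_IN_URL = (BASE + "&redirect_uri=https%3A%2F%2Fshop.example%2Fcb"
               "&scope=openid%20email%20profile")
MAIL_CLIENT_URL = (BASE + "&redirect_uri=https%3A%2F%2Fmail.example%2Fcb"
                   "&scope=openid+email+https%3A%2F%2Fmail.google.com%2F"
                   "&access_type=offline")


def audit_consent_url(url):
    """Classify the scopes requested in an OAuth 2.0 authorization URL."""
    params = parse_qs(urlparse(url).query)
    # The scope parameter is a space-delimited list (RFC 6749, section 3.3).
    requested = []
    for value in params.get("scope", []):
        requested.extend(value.split())
    report = {"identity": [], "data_access": [], "unknown": []}
    for scope in requested:
        if scope in IDENTITY_SCOPES:
            report["identity"].append(scope)
        elif scope.startswith(DATA_SCOPE_PREFIXES):
            report["data_access"].append(scope)
        else:
            report["unknown"].append(scope)
    # access_type=offline asks for a refresh token, so access outlives the session.
    report["long_lived"] = params.get("access_type", [""])[0] == "offline"
    # Identity-only means every requested scope is a known identity scope.
    report["identity_only"] = bool(requested) and not (
        report["data_access"] or report["unknown"])
    return report


if __name__ == "__main__":
    for name, url in (("sign-in", SIGN_IN_URL), ("mail client", MAIL_CLIENT_URL)):
        print(name, audit_consent_url(url))
```
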