A supposed dripped database can potentially lead to unauthorised transactions from accounts of Flipkart clients who also used grocery platform BigBasket with essential user ID and passwords, an independent cybersecurity specialist said on Wednesday. According to the professional Rajashekhar Rajaharia, cybercriminals offer sets of email addresses and passwords of customers from presumably leaked databases of BigBasket that match with accounts of e-commerce company Flipkart and Amazon.
However, he stated Amazon sends OTP for login when there is a change in the browser.
“It seems, some individuals are offering Bigbasket Email: Password mixes as Flipkart data. Change your Flipkart Passwords asap,” Rajaharia tweeted.
He likewise stated Flipkart should secure its accounts.
“Anybody with a mix of dripped email and password can easily visit from anywhere including VPN/TOR to Flipkart. Please necessary 2FA (two-factor authentication) for every account,” Rajaharia said.
He also posted account information being sold on Telegram.
When called, a Flipkart representative said the group focuses on maintaining the security and security of consumer data and has robust info security systems and controls in place.
“In parallel, to develop awareness on fraudulent activities, we drive awareness projects across social channels and different media, educating customers on finest practices for a safe online experience and to keep their accounts safe from unscrupulous cyber elements,” the spokesperson stated.