Hundreds of thousands of Instacart customers impacted by data breach

Instacart denies the breach, but credit card data, addresses and transaction information are being sold on the dark web

The personal information of hundreds of thousands of Instacart customers is allegedly for sale on the dark web, according to Buzzfeed News. The data includes names, the last four digits of credit card numbers and order histories. According to the report, the breach impacted customers who used the grocery delivery service as recently as yesterday. Buzzfeed News says the source of the information is currently unknown.

As of Wednesday, two dark web stores featured sellers offering information from 278,531 Instacart accounts, but Buzzfeed said some of those accounts may be duplicates or not invalid. Hackers have been selling the account information for about $2 per customer throughout June and July. The most recent upload was on July 22.

As of this writing, Instacart has denied the breach.

"We are not aware of any data breach at this time. We take data protection and privacy very seriously," an Instacart spokesperson shared with BuzzFeed News. "Outside of the Instacart platform, attackers may target individuals using phishing or credential stuffing techniques. In instances where we believe a customer’s account may have been compromised through an external phishing scam outside of the Instacart platform or other action, we proactively communicate to our customers to auto-force them to update their password."

Buzzfeed News has, however, been in contact with two women whose personal information was listed for sale on the dark web. Both women confirmed they were Instacart customers. They also confirmed the date of their last order and found the amount paid matched what appeared on the dark web. The women also confirmed the credit card information listed belonged to them.

Hannah Chester told BuzzFeed News, “I don’t really know what to say. It’s hard to know what to say, not knowing if it’s a result of [Instacart's] negligence. But if they’re aware that this happened and haven’t informed us, that’s problematic.”

Mary M., the second woman, told BuzzFeed News she plans to cancel her Instacart account and begin using a different grocery delivery service.

“I think that it’s very unfortunate that you were the one to tell me and not Instacart,” she said. “I feel like if you know about it, why in the world don’t they? Why haven’t they reached out?”

Featured Resources

The complete guide to changing your phone system provider

Optimise your phone system for better business results

Download now

Simplify cluster security at scale

Centralised secrets management across hybrid, multi-cloud environments

Download now

The endpoint as a key element of your security infrastructure

Threats to endpoints in a world of remote working

Download now

2021 state of IT asset management report

The role of IT asset management for maximising technology investments

Download now

Recommended

What is hacktivism?
hacking

What is hacktivism?

13 Oct 2020
Microsoft: Iranian hackers are exploiting ZeroLogon flaw
Security

Microsoft: Iranian hackers are exploiting ZeroLogon flaw

6 Oct 2020
The Ritz suffers data breach after hackers pose as staff
data breaches

The Ritz suffers data breach after hackers pose as staff

17 Aug 2020
Russia hacked Liam Fox's personal email to steal trade documents
phishing

Russia hacked Liam Fox's personal email to steal trade documents

4 Aug 2020

Most Popular

Raspberry Pi Compute Module 4 launches with PCIe support
Hardware

Raspberry Pi Compute Module 4 launches with PCIe support

19 Oct 2020
Google blocked record-breaking 2.5Tbps DDoS attack in 2017
Security

Google blocked record-breaking 2.5Tbps DDoS attack in 2017

19 Oct 2020
Do smart devices make us less intelligent?
artificial intelligence (AI)

Do smart devices make us less intelligent?

19 Oct 2020