Hundreds of thousands of Instacart customers impacted by data breach

Instacart denies the breach, but credit card data, addresses and transaction information are being sold on the dark web

The personal information of hundreds of thousands of Instacart customers is allegedly for sale on the dark web, according to Buzzfeed News. The data includes names, the last four digits of credit card numbers and order histories. According to the report, the breach impacted customers who used the grocery delivery service as recently as yesterday. Buzzfeed News says the source of the information is currently unknown.

As of Wednesday, two dark web stores featured sellers offering information from 278,531 Instacart accounts, but Buzzfeed said some of those accounts may be duplicates or not invalid. Hackers have been selling the account information for about $2 per customer throughout June and July. The most recent upload was on July 22.

As of this writing, Instacart has denied the breach.

"We are not aware of any data breach at this time. We take data protection and privacy very seriously," an Instacart spokesperson shared with BuzzFeed News. "Outside of the Instacart platform, attackers may target individuals using phishing or credential stuffing techniques. In instances where we believe a customer’s account may have been compromised through an external phishing scam outside of the Instacart platform or other action, we proactively communicate to our customers to auto-force them to update their password."

Buzzfeed News has, however, been in contact with two women whose personal information was listed for sale on the dark web. Both women confirmed they were Instacart customers. They also confirmed the date of their last order and found the amount paid matched what appeared on the dark web. The women also confirmed the credit card information listed belonged to them.

Hannah Chester told BuzzFeed News, “I don’t really know what to say. It’s hard to know what to say, not knowing if it’s a result of [Instacart's] negligence. But if they’re aware that this happened and haven’t informed us, that’s problematic.”

Mary M., the second woman, told BuzzFeed News she plans to cancel her Instacart account and begin using a different grocery delivery service.

“I think that it’s very unfortunate that you were the one to tell me and not Instacart,” she said. “I feel like if you know about it, why in the world don’t they? Why haven’t they reached out?”

Featured Resources

Digital document processes in 2020: A spotlight on Western Europe

The shift from best practice to business necessity

Download now

Four security considerations for cloud migration

The good, the bad, and the ugly of cloud computing

Download now

VR leads the way in manufacturing

How VR is digitally transforming our world

Download now

Deeper than digital

Top-performing modern enterprises show why more perfect software is fundamental to success

Download now

Recommended

What is hacktivism?
hacking

What is hacktivism?

13 Oct 2020
Microsoft: Iranian hackers are exploiting ZeroLogon flaw
Security

Microsoft: Iranian hackers are exploiting ZeroLogon flaw

6 Oct 2020
The Ritz suffers data breach after hackers pose as staff
data breaches

The Ritz suffers data breach after hackers pose as staff

17 Aug 2020
Russia hacked Liam Fox's personal email to steal trade documents
phishing

Russia hacked Liam Fox's personal email to steal trade documents

4 Aug 2020

Most Popular

The top 12 password-cracking techniques used by hackers
Security

The top 12 password-cracking techniques used by hackers

5 Oct 2020
The enemy of security is complexity
Sponsored

The enemy of security is complexity

9 Oct 2020
What is a 502 bad gateway and how do you fix it?
web hosting

What is a 502 bad gateway and how do you fix it?

5 Oct 2020