Hundreds of thousands of Instacart customers impacted by data breach

Instacart denies the breach, but credit card data, addresses and transaction information are being sold on the dark web

The personal information of hundreds of thousands of Instacart customers is allegedly for sale on the dark web, according to Buzzfeed News. The data includes names, the last four digits of credit card numbers and order histories. According to the report, the breach impacted customers who used the grocery delivery service as recently as yesterday. Buzzfeed News says the source of the information is currently unknown.

As of Wednesday, two dark web stores featured sellers offering information from 278,531 Instacart accounts, but Buzzfeed said some of those accounts may be duplicates or not invalid. Hackers have been selling the account information for about $2 per customer throughout June and July. The most recent upload was on July 22.

As of this writing, Instacart has denied the breach.

"We are not aware of any data breach at this time. We take data protection and privacy very seriously," an Instacart spokesperson shared with BuzzFeed News. "Outside of the Instacart platform, attackers may target individuals using phishing or credential stuffing techniques. In instances where we believe a customer’s account may have been compromised through an external phishing scam outside of the Instacart platform or other action, we proactively communicate to our customers to auto-force them to update their password."

Buzzfeed News has, however, been in contact with two women whose personal information was listed for sale on the dark web. Both women confirmed they were Instacart customers. They also confirmed the date of their last order and found the amount paid matched what appeared on the dark web. The women also confirmed the credit card information listed belonged to them.

Hannah Chester told BuzzFeed News, “I don’t really know what to say. It’s hard to know what to say, not knowing if it’s a result of [Instacart's] negligence. But if they’re aware that this happened and haven’t informed us, that’s problematic.”

Mary M., the second woman, told BuzzFeed News she plans to cancel her Instacart account and begin using a different grocery delivery service.

“I think that it’s very unfortunate that you were the one to tell me and not Instacart,” she said. “I feel like if you know about it, why in the world don’t they? Why haven’t they reached out?”

Featured Resources

Unlocking collaboration: Making software work better together

How to improve collaboration and agility with the right tech

Download now

Four steps to field service excellence

How to thrive in the experience economy

Download now

Six things a developer should know about Postgres

Why enterprises are choosing PostgreSQL

Download now

The path to CX excellence for B2B services

The four stages to thrive in the experience economy

Download now

Recommended

Russia launched over a million cyber attacks in three months
hacking

Russia launched over a million cyber attacks in three months

13 Apr 2021
Hackers leak data from dark web marketplace
cyber security

Hackers leak data from dark web marketplace

9 Apr 2021
Hackers are using fake messages to break into WhatsApp accounts
instant messaging (IM)

Hackers are using fake messages to break into WhatsApp accounts

8 Apr 2021
Hackers sell $38 million in gift cards on Russian marketplace
hacking

Hackers sell $38 million in gift cards on Russian marketplace

7 Apr 2021

Most Popular

Microsoft is submerging servers in boiling liquid to prevent Teams outages
data centres

Microsoft is submerging servers in boiling liquid to prevent Teams outages

7 Apr 2021
How to find RAM speed, size and type
Laptops

How to find RAM speed, size and type

8 Apr 2021
Xiaomi Redmi Note 10 Pro review: Champagne tastes on a lemonade budget
Mobile Phones

Xiaomi Redmi Note 10 Pro review: Champagne tastes on a lemonade budget

13 Apr 2021