Grocery delivery app Instacart may have been hacked — affecting over 275,000 users.
According to a recent BuzzFeed report, the names, last four digits of credit card numbers, and order histories are popping up on dark web markets as a result of the supposed Instacart hack.
The report says sellers in more than one dark web store offered personal data from over 275,000 accounts, though some of those may be duplicates. An Instacart spokesperson said the app has “millions of customers” as of April.
More from BuzzFeed:
“We are not aware of any data breach at this time. We take data protection and privacy very seriously,” an Instacart spokesperson told BuzzFeed News.
“Outside of the Instacart platform, attackers may target individuals using phishing or credential stuffing techniques. In instances where we believe a customer’s account may have been compromised through an external phishing scam outside of the Instacart platform or other action, we proactively communicate to our customers to auto-force them to update their password.”
“It’s looking recent and totally legit,” Nick Espinosa, the head of cybersecurity firm Security Fanatics, told BuzzFeed News after reviewing the accounts being sold.
Instacart has denied any hack of its data, but the report continues to mount evidence that it did in fact happen. It cites two women whose information matches what appears on the dark web — credit card numbers included.
When Buzzfeed reached out for comment, an Instacart customer support agent told them that the issue likely has to do with password reuse.
This could be a valid point, but the person who contacted the support line claims they do not reuse any passwords.
The lesson once again learned from the Instacart hacking: apps for everything from grocery shopping to audio distribution can be incredibly useful and convenient, but cyber security practices have to catch up to a point where we can use them with higher confidence.
Cyber security resources for professionals
- Cybersecurity Tips to Help Companies Whose Employees Are Working at Home
- Identifying Cyber Attacks, Risks, Vulnerabilities in AV Installations
- Customers Want to Know About Your Integration Firm’s Cybersecurity
- Ways to Bring More Cyber Security Practices to Your AV Business
- 5 Steps to Better Cyber Risk Management
This post premiered on our sister site, MyTechDecisions.