Names, credit card details, addresses, and information from yesterday’s transactions are sold online. This data includes the names of the owners, the last four digits of credit card numbers, and order history. The leak affected customers who used a grocery delivery service yesterday. It turns out that the personal data of hundreds of thousands of Instacart customers was leaked to the darknet.
Instacart is an American company that delivers food to a customer’s home for a fee. The company operates in America and Canada.
This Wednesday, on two sites on the darknet, there was an offer to sell data from 278,531 accounts. although it’s not a fact that there are no duplicates or they are not fakes.
According to a company spokesman, in April alone, Instacart services were used by millions of customers in the US and Canada. Also, the company denies that it was hacked or that it deliberately leaked customer data:
“We are not aware of any data breaches at this time. We take data protection and privacy very seriously, ”said an Instacart spokesperson. “Outside of the Instacart platform, attackers can target individuals using phishing.
In cases where we believe that a customer’s account may be compromised due to an external phishing attack outside the Instacart platform, we proactively notify customers to update their password. ”
The cybersecurity chief of Security Fanatics reviewed the sales reports and commented, “It looks very recent and perfectly legal.”
Two women whose personal details were up for sale confirmed that they were Instacart customers, that the date and amount of their last order matched what appeared on the darknet.
In terms of price, account information was selling for about $ 2 per customer. According to one of the websites that sold this information, the personal details of people using Instacart accounts were added during June and July, with the most recent upload on July 22.