Many Instacart Customers’ Data Is Being Sold on the Dark Web

And just as everyone has been relying on Instacart more

In a new report, Buzzfeed News finds that information like names, the last four digits of credit card numbers, addresses, and order histories from over 250,000 Instacart accounts were being sold in “dark web stores.” Multiple Instacart customers confirmed to Buzzfeed News that the information pulled about them was accurate. However, Instacart is denying any knowledge of a data breach on its end, and suggest it’s more of a coincidence that all these Instacart order histories wound up on the dark web. “Outside of the Instacart platform, attackers may target individuals using phishing or credential stuffing techniques,” a spokesperson said. “In instances where we believe a customer’s account may have been compromised through an external phishing scam outside of the Instacart platform or other action, we proactively communicate to our customers to auto-force them to update their password.”

Through the pandemic, there has been a boom in grocery delivery services. Uber recently announced its own grocery service, against which Instacart has filed a lawsuit, alleging IP theft. With many people — especially those who may be immunocompromised or otherwise unable to run their own errands — relying on services like Instacart to receive groceries, a data hack is less than ideal.

And in other news…

  • The pandemic is causing a financial disaster for hog farmers. [FoodDive]
  • How come everyone was dunking on other corporations for their BLM tweets and not Ben & Jerry’s? Because Ben & Jerry’s has been blogging about progressive politics from the beginning, and didn’t just try to capitalize on the latest movement for profit. [Bloomberg]
  • Aldi wants to open 70 more stores by the end of the year. [CNBC]
  • Because of commission fees on third-party apps, Chipotle is considering raising prices. [NRN]
  • We’re facing an aluminum can shortage, so hold your cans close. [CNN]

Leave a Reply