Some 278,531 Instacart customer records have reportedly been hacked, and are for sale on the dark web. The data includes names, email addresses, the last four digits of credit card numbers, and order histories …

Instacart denies that there has been any breach, and says that if any data is real, it didn’t come from them.

However, a security researcher who reviewed the data says the Instacart customer records appear genuine, and BuzzFeed was able to verify details with two customers whose data was included.

The breach has not yet been added to haveibeenpwned.com, a site that verifies breaches, lets you search for your email address to see whether your data has been obtained, and proactively notifies registered users if their email address is included in a breach.

Two women whose personal information was for sale confirmed they were Instacart customers, that their last order date and amount matched what appeared on the dark web, and that the credit card information belonged to them […]

The account information was being sold for around $2 per customer. According to one of the websites where the information was being sold, the personal data of people using Instacart accounts had been added throughout June and July, with the most recent upload being July 22.

As with any reported breach, it’s advisable to change your password and, especially, to make sure that you have not reused that password elsewhere. If you have, you should change your password on all relevant sites, and use a password manager so that you can have a unique, strong password for every site, app, and service. Two-factor authentication should also be used to protect your privacy whenever it is available.