- Advertisement -
Home News Instacart said its platform was NOT hit with a cybersecurity breach

Instacart said its platform was NOT hit with a cybersecurity breach

- Advertisement -

Instacart said it was not compromised by a cybersecurity breach after hundreds of thousands of customers’ personal data was reportedly being sold for as little as $2 per account on the dark web.

The California delivery grocer confirmed on Thursday that it found no evidence that hackers had obtained the last four digits of credit card numbers, names and order histories of customers through its system.

The information  was available for sale for just $2 per account on two stores on the dark web as recently as yesterday.

Buzzfeed News, who reported the breach on Wednesday, chose not to disclose the site that was advertising the data of 278,531 accounts. Buzzfeed admitted some may have been faulty. 

Instacart on Thursday said it found no evidence that customers' private information had been obtained by cybercriminals through a cybersecurity attack

Instacart on Thursday said it found no evidence that customers’ private information had been obtained by cybercriminals through a cybersecurity attack 

Customers' last four digits of credit card numbers, names and order histories were reportedly for sale on the dark web for as little as $2

Customers’ last four digits of credit card numbers, names and order histories were reportedly for sale on the dark web for as little as $2

On Twitter, Instacart released a statement that said the investigation they launched apparently turned up nothing on their end.

‘To directly address questions about customer account information, we want to share an update for Instacart customers. We take data protection & privacy very seriously and our investigation so far has shown that the Instacart platform was not compromised or breached,’ the company wrote. 

Instead, Instacart said hackers may have targeted customers using phishing attack methods, like stuffing credentials.

‘Based on our team’s assessment, we believe this is the result of credential stuffing – a technique used by 3rd party bad actors similar to phishing, and occurs when a person uses similar login credentials across various websites and apps.,’ they wrote. 

Instacart revealed the result of their internal investigation on Twitter and said its platform had not been compromised

Instacart revealed the result of their internal investigation on Twitter and said its platform had not been compromised

The company suggested customers' personal information may have been caught in phishing attacks or stuffing credentials

The company suggested customers’ personal information may have been caught in phishing attacks or stuffing credentials 

Instacart is contacting individuals customers who may have been affected by the reported information leak to change their password

Instacart is contacting individuals customers who may have been affected by the reported information leak to change their password

Other concerned customers are encouraged to change their login credentials out of caution

Other concerned customers are encouraged to change their login credentials out of caution

Instacart added that it is contacting individual customers to change their login credentials. 

‘We are reaching out to individual customers to auto-force a password update to those customers that may have been affected by third party credential-stuffing,’ wrote Instacart. 

‘If customers are concerned and want to take their own action out of an abundance of caution, we recommend that customers change their Instacart password in their account settings to a unique password that they do not use on any other apps or website accounts’ 

The company further denied their system suffered a cybersecurity breach in a statement to USA Today.

‘We have a dedicated security team as well as multiple layers of security measures across common vectors designed to protect the integrity of all user accounts,’ wrote Instacart.  

The most recent upload of an Instacart customer data to one of the websites was 22 July, and there were continuous updates throughout June and July. 

In the feedback for one of the sales, seen by DailyMail.com, one customer said: ‘Thanks man looking forward to the free stuff :).’ 

Another said: ‘Great overall experience highly recommended.’ 

Other comments said the vendor had not fulfilled the order and that they didn’t receive the information.  

Pictured: File photo of a home delivery. An Instacart spokesman told BuzzFeed they were 'unaware' of a breach on their data

Pictured: File photo of a home delivery. An Instacart spokesman told BuzzFeed they were ‘unaware’ of a breach on their data

An Instacart spokesman initially told BuzzFeed News on Wednesday they were ‘unaware’ of a breach on their data. 

‘We are not aware of any data breach at this time. We take data protection and privacy very seriously,’ they said. 

‘In instances where we believe a customer’s account may have been compromised through an external phishing scam outside of the Instacart platform or other action, we proactively communicate to our customers to auto-force them to update their password,’ they added. 

The sites used were on the dark web, but BuzzFeed has chosen not to name them.  

Cybersecurity expert Security Fanatics confirmed the advertisement looked legitimate and believed it had been posted recently. 

Two women whose information was part of the illegal online package were Hannah Chester and another who preferred only to be known as Mary M.  

‘I don’t really know what to say. It’s hard to know what to say, not knowing if it’s a result of [Instacart’s] negligence,’ Hannah Chester told BuzzFeed News. ‘But if they’re aware that this happened and haven’t informed us, that’s problematic.’

Mary reiterated her disappointment that Instacart had failed to make its customers aware of the attack and that she had to find out through journalists. 

Instacart, founded in 2012 with a reach of nearly 6,000 cities, Instacart’s popularity and revenue have surged in the months since the coronavirus pandemic hit the United States in January.

Lockdown orders became a major factor in an uptick in online grocer stores, as civilians avoided public places, grocery stores struggled implement public health guidelines and staffers became sick.

Pictured: Clark resident Jen Valencia (pictured) sanitizes her hands at checkout as she supplements her income working for Instacart at Acme Market

Pictured: Clark resident Jen Valencia (pictured) sanitizes her hands at checkout as she supplements her income working for Instacart at Acme Market

In June, Instacart revealed that it raised $225million in an investment round due to the boost in sales.

Apporva Mehta, one of the Instacart founders and current CEO, became a billionaire that same month as a result.

Forbes reports that Instacart’s valuation went from $7.9billion to $13.7billion, and estimated the Mehta had a net worth of $1.2billion.   

Instacart hired 300,000 more shoppers in March and had plans of adding an additional $250,000 in April.

‘We have ambitious plans for the future and this new investment enables us to deepen our support for our shoppers and partners, further fund strategic initiatives such as our advertising and enterprise businesses, and continue to deliver exceptional experiences for customers,’ Mehta said in a press release.

‘This pandemic has fundamentally reshaped the way people think about grocery and ecommerce, and we’re proud to have Instacart continue to play an important role in people’s lives now and long after this crisis subsides.’ 

- Advertisement -
- Advertisement -

Stay Connected

16,985FansLike
2,458FollowersFollow
61,453SubscribersSubscribe

Must Read

Kate Middleton and Prince William visit Gavin & Stacey slot matching arcade in Barry Island

Kate Middleton cut a stylish figure in a recycled floral dress as she joined Prince William to visit Gavin & Stacey's slot machine arcade in South...
- Advertisement -

Woman, 29, says biannual Botox injections CURED her anxiety

A woman who has 'life-changing' Botox every six months insists it helps cure her depression and anxiety. Sophie Attwood, 29, a PR consultant from Cheshire,...

Sir Bob Geldof submits plans for Monet-inspired wildlife pond

Sir Bob Geldof is planning to promote wildlife at his historic residence by installing a pond inspired by Claude Monet's water lily paintings.The former...

Cuomo begs wealthy New Yorkers to come back to save the city: ‘I’ll buy you a drink!’

Gov. Andrew Cuomo is begging wealthy New Yorkers to return to the city to save it from economic ruin while fighting off calls from...

Related News

Kate Middleton and Prince William visit Gavin & Stacey slot matching arcade in Barry Island

Kate Middleton cut a stylish figure in a recycled floral dress as she joined Prince William to visit Gavin & Stacey's slot machine arcade in South...

Woman, 29, says biannual Botox injections CURED her anxiety

A woman who has 'life-changing' Botox every six months insists it helps cure her depression and anxiety. Sophie Attwood, 29, a PR consultant from Cheshire,...

Sir Bob Geldof submits plans for Monet-inspired wildlife pond

Sir Bob Geldof is planning to promote wildlife at his historic residence by installing a pond inspired by Claude Monet's water lily paintings.The former...

Cuomo begs wealthy New Yorkers to come back to save the city: ‘I’ll buy you a drink!’

Gov. Andrew Cuomo is begging wealthy New Yorkers to return to the city to save it from economic ruin while fighting off calls from...

Teenage boy runs into oncoming M5 traffic and is hit by ‘multiple vehicles’

A teenage boy is fighting for his life in hospital after he reportedly ran into oncoming traffic on the M5 and was hit by...
- Advertisement -

LEAVE A REPLY

Please enter your comment!
Please enter your name here