Instacart Pwned…. 278,531 Affected…. And Instacart’s Response To This Sucks

The news is out that Instacart has been pwned by hackers. Apparently 278,531 Instacart customer records are for sale on the dark web. The data includes names, email addresses, the last four digits of credit card numbers, and order histories:

The source of the information, which also included email addresses and shopping data, was unknown, but appeared to have been uploaded from at least June until today.

“It’s looking recent and totally legit,” Nick Espinosa, the head of cybersecurity firm Security Fanatics, told BuzzFeed News after reviewing the accounts being sold.

And to add to this, customers who have been affected have confirmed that this is legit as well. However Instacart strangely denies a hack has happened:

“We are not aware of any data breach at this time. We take data protection and privacy very seriously,” an Instacart spokesperson told BuzzFeed News. “Outside of the Instacart platform, attackers may target individuals using phishing or credential stuffing techniques. In instances where we believe a customer’s account may have been compromised through an external phishing scam outside of the Instacart platform or other action, we proactively communicate to our customers to auto-force them to update their password.”

And Instacart’s response has been to blame the victim:

After this story was published, Chester contacted Instacart customer support who told her the issue was likely with password reuse across other websites or apps. Chester said she does not reuse passwords for her logins.

The other woman, Mary M., who asked for her full name not to be used, told BuzzFeed News she would cancel her Instacart account and use a different service.

“I think that it’s very unfortunate that you were the one to tell me and not Instacart,” she said. “I feel like if you know about it, why in the world don’t they? Why haven’t they reached out?”

That is a good question. Instacart I would think would be more proactive about helping their customers who are affected by this. But clearly that appears not to be the case. Which doesn’t make Instacart look too good. Perhaps they need to rethink this. Like right now.

Leave a Reply

%d bloggers like this: