Instacart has denied that it was hit by a massive cyberattack, except they actually were

Spread the love

Warning: If you’ve recently used Instacart it might be a good time to change your passwords; your info, or perhaps even delete your account.

A woman in a grocery store checks the Instacart app on her phone as she shops

Michael Loccisano / Getty Images

On Thursday, it emerged that Instacart (primarily in the U.S and Canada) may have been affected by a massive data breach involving the dark web. According to numerous online posts, user account information has been found on the dark web containing more than a quarter-of-a-million user accounts.

In the leak (which the company denies) user passwords; names, DOB’s, addresses, last four of CC’s, and numerous other pieces of information were all apparently hijacked. Multiple reports published on Thursday confirmed that at least two major dark web stores were all selling the information. It is unclear how many if any may be duplicates or incorrect account information.

A statement from Instacart has appeared in Buzzfeed News.

“We are not aware of any data breach at this time. We take data protection and privacy very seriously,” an Instacart spokesperson told BuzzFeed News. “Outside of the Instacart platform, attackers may target individuals using phishing or credential stuffing techniques. In instances where we believe a customer’s account may have been compromised through an external phishing scam outside of the Instacart platform or other action, we proactively communicate to our customers to auto-force them to update their password.”

Comments

comments

Be the first to comment

Leave a Reply

Your email address will not be published.


*