Skip to main content
close search
site logo
Dive Brief

Instacart denies security breach of customer data

Published July 23, 2020
Krishna Thakker's headshot
Krishna Thakker Associate Editor
Kroger

Dive Brief:

  • Instacart shoppers’ personal information including names, order histories, addresses and credit card info and data are being sold on the dark web, according to BuzzFeed News.
  • As of Wednesday, sellers on two dark web sites were found to be selling information from 278,531 accounts, some of which could be duplicates or fake, the news site reported. Instacart currently has millions of customers across the U.S. and Canada. Account information was being sold for $2 per customer.
  • The information found on the dark web dates back to at least June up until July 22. Instacart told Grocery Dive it isn’t aware of a data breach.

Dive Insight:

Instacart told Grocery Dive it has a security team and multiple layers of security measures across common vectors designed to protect its customers. If the company felt like customers’ accounts were compromised, Instacart said it would send shoppers a message to auto-force them to change their login info. 

But Instacart said it cannot control attackers that may target individuals outside of its platform using phishing or credential stuffing techniques. This happens when someone uses similar login credentials across multiple websites and apps. 

A cybersecurity expert told BuzzFeed the information collected looks recent and “legit” after reviewing the accounts. And two women whose personal information was for sale on the dark web confirmed they were Instacart users and that their order history and credit card numbers matched, according to BuzzFeed. 

One of the women told BuzzFeed she does not reuse passwords on different websites and apps. 

As cyber attacks grow increasingly sophisticated and e-commerce continues to gain momentum, grocery delivery companies and retailers have become targets for hackers, making cybersecurity a priority for these companies. 

In 2017, Target had to fork over $18.5 million to 47 states as part of a settlement over a security breach that occurred in 2013 and compromised credit card numbers and other information from millions of consumers. 

In 2019, Hy-Vee found that its payment systems were breached by malware at certain point-of-sale systems at its fuel stations, drive-thru coffee shops, Market Grille, Wahlburgers and the cafeteria at its headquarters. At one point, grocers were the top channel for data breaches.

Filed Under: E-commerce

Editors' picks

Company Announcements

View all | Post a press release
VideoMining Announces New Grocery Front End Behavior Benchmark Study
From VideoMining
November 07, 2024
Wesson cooking oil celebrates 125 years, casts man in role of family chef for first time
From Wesson Oil
November 07, 2024
YMX Logistics and Orange EV Join Forces to Deliver Zero Emission Transportation Solutions to Y…
From YMX Logistics, LLC.
November 18, 2024
Editors' picks
Latest in E-commerce
image/svg+xml
Industry Dive is an Informa business
© 2024 Industry Dive. All rights reserved. | View our other publications | Privacy policy | Terms of use | Take down policy.
Cookie Preferences / Do Not Sell