Thousands of Instacart customer details sold online

News
By last updated

Instacart says credential stuffing and not a data breach is likely to blame

(Image credit: Instacart)

The personal information of thousands of users of the grocery delivery service Instacart is being sold on the Dark Web for around $2 per customer.

This data includes the names, last four digits of credit card numbers and order histories of the service's users and even customers who used the service recently, according to a report from BuzzFeed News.

As of last Wednesday, sellers in two Dark Web stores were selling user information from what appears to be 278,531 accounts. However, some of these accounts could be duplicates or not genuine. Instacart has millions of customers across the US and Canada as of April of this year as more people turn to having their groceries delivered to avoid going into supermarkets during the pandemic.

Not a data breach

In a security update published on its website, Instacart explained that credential stuffing was likely to blame and that its platform had not been compromised or breached, saying:

“Our teams have been working around the clock to quickly determine the validity of reports related to site security and so far our investigation has shown that the Instacart platform was not compromised or breached. Based on our team’s assessment, we believe that this is what is commonly referred to as credential stuffing — an activity that occurs across the web when a person uses the same login credentials across various websites and apps.”

Credential stuffing is a tactic often employed by cybercriminals who use usernames and passwords from past data breaches to try and gain access to users' accounts on other services. However, it seems plausible that hundreds of thousands of Instacart customers used the same passwords across multiple sites.

To protect its users, Instacart is notifying affected customers, invalidating their previous passwords and advising them to reset their password as an extra security measure.

Via BuzzFeed News

Anthony Spadafora
Anthony Spadafora

After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home. 

Latest in Security
A graphic showing someone on a tablet working through a supply chain.
Security issue in open source software leaves businesses concerned for systems
ransomware avast
One of the most powerful ransomware hacks around has been cracked using some serious GPU power
person at a computer
Infamous ransomware hackers reveal new tool to brute-force VPNs
person at a computer
Many workers are overconfident at spotting phishing attacks
A fish hook is lying across a computer keyboard, representing a phishing attack on a computer system
Microsoft 365 accounts are under attack from new malware spoofing popular work apps
Data Breach
Thousands of healthcare records exposed online, including private patient information
Latest in News
Panos Panay and Alexa Plus
Amazon's Panos Panay teases future Alexa+ devices from speakers to possible wearables
Metroid Prime 4
I reckon the Nintendo Switch 2 could launch with Metroid Prime 4 – here’s why
Samsung Galaxy Z Fold 6
New rumors predict a foldable iPhone will launch next year – and cost almost twice as much as the iPhone 16 Pro Max
Pebble smartwatch countdown
Pebble confirms its smartwatch announcement is just hours away
Logo of YouTube Shorts
Is YouTube auto-playing Shorts when you open the app? Well, you’re not alone - here’s how to fix it
Google DeepMind panel discussion
“More sovereignty and protection” - Google goes all-in on UK AI with data residency, upskilling projects, and startup investments
More about security
A graphic showing someone on a tablet working through a supply chain.

Security issue in open source software leaves businesses concerned for systems
person at a computer

Infamous ransomware hackers reveal new tool to brute-force VPNs
ViewSonic VP2788-5K Display

Viewsonic's 5K monitor finally goes on sale, but is it already too little too late to make a splash?

See more latest
Most Popular
ViewSonic VP2788-5K Display
Viewsonic's 5K monitor finally goes on sale, but is it already too little too late to make a splash?
Panos Panay and Alexa Plus
Amazon's Panos Panay teases future Alexa+ devices from speakers to possible wearables
Samsung Galaxy Z Fold 6
New rumors predict a foldable iPhone will launch next year – and cost almost twice as much as the iPhone 16 Pro Max
Maxtang SXRL-20 mini pc
This fanless PC looks like a giant heatsink and has one incredible feature: five, yes five, 4K-capable HDMI ports
Aoostar G-flip 370
There's no need for a monitor with this Ryzen AI-powered mini PC
The Ryzen AI Max+ 395 could power the latest generation of powerful mini PCs
This prototype mini PC demonstrates a massive leap forward for integrated graphics in a console form factor
Metroid Prime 4
I reckon the Nintendo Switch 2 could launch with Metroid Prime 4 – here’s why
Minisforum AI X1 mini PC
Tiny Mac Mini rival can power four 8K monitors, and is the first mini PC to receive AMD's powerful Ryzen 7 260 APU
AOOSTAR G-FLIP mini PC
AMD powers the world's fastest all-in-one PC, and yes, I've probably overstretched the definition of AIO PC just a tiny bit
26TB WD Red Pro HDD
Western Digital introduces 26TB WD Red Pro HDDs for RAID and NAS systems at a surprisingly low price