If you use Instacart for your deliveries, you might consider changing your password. Instacart got in trouble after personal user data got sold on the dark web. They suggest that insecure passwords led to the leak. Data from over 200,000 users got leaked. After the leak, these data appeared on the dark web.
What Happened to the Instacart Data After the Leak?
Buzzfeed News reported that dark web sellers in two different stores began selling the data from 278,531 accounts. Among the data sold were contact information, order histories, and the last four digits of credit cards. Buyers on the dark web could get the data for only $2 per user.
Gizmodo noted that victims of the leak confirmed the stolen information.
What Does Instacart Have to Say About the Data Leak?
In a Twitter thread, Instacart blamed users for reusing passwords. They have noted the lack of evidence of any hacking. Bad actors can easily access several sites if they can get hold of recycled passwords.
(1/4) To directly address questions about customer account information, we want to share an update for Instacart customers. We take data protection & privacy very seriously and our investigation so far has shown that the Instacart platform was not compromised or breached.
— Instacart (@Instacart) July 23, 2020
This practice is a frequent security failure. Websites often ask people to update their passwords regularly to avoid scams or leaks.
Is Instacart Doing Something About the Data Leak?
the company has said it is resetting the passwords of affected users. The company also advises the rest of its users to get unique passwords immediately.
Moreover, the company stressed that it does not store users’ credit card information. However, some affected customers have said they did not reuse passwords.
Even if you don’t have an active account, change passwords often. Password managers will make sure you won’t forget them.