Report: Instacart Customer Data Is Being Sold on the Dark Web

Instacart denies there has been a breach of its servers, so where is the personal data coming from?
Report: Instacart Customer Data Is Being Sold on the Dark Web
Image credit: Instagram via PC Mag

Grow Your Business, Not Your Inbox

Stay informed and join our daily newsletter now!
Senior Editor
2 min read
This story originally appeared on PC Mag

Grocery delivery and pick-up service Instacart is facing a major security dilemma today. The personal details of its customers are being sold on the dark web, but the company is denying its servers have been breached.

As BuzzFeed News reports, so far, 278,531 Instacart accounts were found to be for sale on the dark web, costing as little as $2 per customer. The information includes the customer name, email address, the last four digits of their credit cards, the order history for the account and some other shopping-related data. The validity of the account information has been verified by two Instacart customers whose details are up for sale, and this information is not old. The accounts being sold contain information from orders placed through June and up to July 22.

When BuzzFeed approached Instacart with the information, a spokesperson responded by saying, "We are not aware of any data breach at this time. We take data protection and privacy very seriously.... Outside of the Instacart platform, attackers may target individuals using phishing or credential stuffing techniques. In instances where we believe a customer’s account may have been compromised through an external phishing scam outside of the Instacart platform or other action, we proactively communicate to our customers to auto-force them to update their password."

Instacart has millions of customers across the U.S. and Canada, so this counts as a relatively small breach of customer information. It may be that the details have been stolen from customers outside of the Instacart platform as the company hints at, but surely then there would be much more information for sale per account?

Related: Google Is Getting Into the Grocery Delivery Game

Any Instacart customers concerned about the security of their personal details can take the usual steps of changing their account password and enabling two-factor authentication if its available to you. If possible, I'd also remove the credit card associated with the account. Keeping your operating system up-to-date and using a good security suite for protection is also strongly advised. Hopefully, Instacart is investigating why hundreds of thousands of its customers are having their details sold and will release a statement including an explanation.

More from Entrepreneur
Our Franchise Advisors are here to help you throughout the entire process of building your franchise organization!
  1. Schedule a FREE one-on-one session with a Franchise Advisor
  2. Choose one of our programs that matches your needs, budget, and timeline
  3. Launch your new franchise organization
Entrepreneur Insider members enjoy exclusive access to business resources for just $5/mo:
  • Premium articles, videos, and webinars
  • An ad-free experience
  • A weekly newsletter
  • A 1-year Entrepreneur magazine subscription delivered directly to you
Try a risk-free trial of Entrepreneur’s BIZ PLANNING PLUS powered by LivePlan for 60 days:
  • Get step-by-step guidance for writing your plan
  • Gain inspiration from 500+ sample plans
  • Utilize business and legal templates
  • And much more

Latest on Entrepreneur