Report: Instacart Customer Data Is Being Sold on the Dark Web

Instacart denies there has been a breach of its servers, so where is the personal data coming from?
Report: Instacart Customer Data Is Being Sold on the Dark Web
Image credit: Instagram via PC Mag

Grow Your Business, Not Your Inbox

Stay informed and join our daily newsletter now!
Senior Editor
2 min read
This story originally appeared on PC Mag

Grocery delivery and pick-up service Instacart is facing a major security dilemma today. The personal details of its customers are being sold on the dark web, but the company is denying its servers have been breached.

As BuzzFeed News reports, so far, 278,531 Instacart accounts were found to be for sale on the dark web, costing as little as $2 per customer. The information includes the customer name, email address, the last four digits of their credit cards, the order history for the account and some other shopping-related data. The validity of the account information has been verified by two Instacart customers whose details are up for sale, and this information is not old. The accounts being sold contain information from orders placed through June and up to July 22.

When BuzzFeed approached Instacart with the information, a spokesperson responded by saying, "We are not aware of any data breach at this time. We take data protection and privacy very seriously.... Outside of the Instacart platform, attackers may target individuals using phishing or credential stuffing techniques. In instances where we believe a customer’s account may have been compromised through an external phishing scam outside of the Instacart platform or other action, we proactively communicate to our customers to auto-force them to update their password."

Instacart has millions of customers across the U.S. and Canada, so this counts as a relatively small breach of customer information. It may be that the details have been stolen from customers outside of the Instacart platform as the company hints at, but surely then there would be much more information for sale per account?

Related: Google Is Getting Into the Grocery Delivery Game

Any Instacart customers concerned about the security of their personal details can take the usual steps of changing their account password and enabling two-factor authentication if its available to you. If possible, I'd also remove the credit card associated with the account. Keeping your operating system up-to-date and using a good security suite for protection is also strongly advised. Hopefully, Instacart is investigating why hundreds of thousands of its customers are having their details sold and will release a statement including an explanation.

More from Entrepreneur

Our Franchise Advisors will guide you through the entire franchising process, for FREE!
  1. Book a one-on-one session with a Franchise Advisor
  2. Take a survey about your needs & goals
  3. Find your ideal franchise
  4. Learn about that franchise
  5. Meet the franchisor
  6. Receive the best business resources
Entrepreneur Insider members enjoy exclusive access to business resources for just $5/mo:
  • Premium articles, videos, and webinars
  • An ad-free experience
  • A weekly newsletter
  • Bonus: A FREE 1-year Entrepreneur magazine subscription delivered directly to you
Discover a better way to hire freelancers. From business to marketing, sales, finance, design, technology, and more, we have the freelancers you need to tackle your most important work and projects, on-demand.

Latest on Entrepreneur