Report: Instacart Customer Data Is Being Sold on the Dark Web Instacart denies there has been a breach of its servers, so where is the personal data coming from?

By Matthew Humphries

This story originally appeared on PC Mag

Instagram via PC Mag

Grocery delivery and pick-up service Instacart is facing a major security dilemma today. The personal details of its customers are being sold on the dark web, but the company is denying its servers have been breached.

As BuzzFeed News reports, so far, 278,531 Instacart accounts were found to be for sale on the dark web, costing as little as $2 per customer. The information includes the customer name, email address, the last four digits of their credit cards, the order history for the account and some other shopping-related data. The validity of the account information has been verified by two Instacart customers whose details are up for sale, and this information is not old. The accounts being sold contain information from orders placed through June and up to July 22.

When BuzzFeed approached Instacart with the information, a spokesperson responded by saying, "We are not aware of any data breach at this time. We take data protection and privacy very seriously.... Outside of the Instacart platform, attackers may target individuals using phishing or credential stuffing techniques. In instances where we believe a customer's account may have been compromised through an external phishing scam outside of the Instacart platform or other action, we proactively communicate to our customers to auto-force them to update their password."

Instacart has millions of customers across the U.S. and Canada, so this counts as a relatively small breach of customer information. It may be that the details have been stolen from customers outside of the Instacart platform as the company hints at, but surely then there would be much more information for sale per account?

Related: Google Is Getting Into the Grocery Delivery Game

Any Instacart customers concerned about the security of their personal details can take the usual steps of changing their account password and enabling two-factor authentication if its available to you. If possible, I'd also remove the credit card associated with the account. Keeping your operating system up-to-date and using a good security suite for protection is also strongly advised. Hopefully, Instacart is investigating why hundreds of thousands of its customers are having their details sold and will release a statement including an explanation.

Matthew Humphries

Senior Editor

Want to be an Entrepreneur Leadership Network contributor? Apply now to join.

Data & Recovery

Making a Career Change? Consider this Fast-Growing Industry.

Cybersecurity has continued growth and, therefore, job security.

Leadership

4 Business Books All Entrepreneurs Should Read

There are countless business books out there, but let's be honest: Not all of them live up to the hype. Here are the four I'd actually recommend to all current and aspiring entrepreneurs.

Growing a Business

3 Tried-and-True Strategies For Small Businesses to Emerge Stronger No Matter What the Economy Looks Like

By focusing on financial stability, adaptability and customer-centric practices, these strategies will help businesses not only weather challenges but emerge stronger.

Business Ideas

70 Small Business Ideas to Start in 2025

We put together a list of the best, most profitable small business ideas for entrepreneurs to pursue in 2025.

Health & Wellness

Burnout is Not a Badge of Honor. Follow These 4 Mental Wellness Strategies for Long-Term Success

Entrepreneurs often walk a tightrope between ambition and exhaustion. Safeguard your mental health by setting realistic goals, delegating effectively, and creating a sustainable work-life balance for long-term success.