Instacart user data is reportedly being sold online, but the company denies there was a breach
- Personal information belonging to thousands of Instacart users is up for sale on the dark web, BuzzFeed reported on Wednesday.
- The information being sold includes customer names, the last four digits of credit card numbers, and order histories.
- An Instacart spokesperson said the company is not aware of a data breach.
The personal data of thousands of Instacart users is for sale on the dark web, BuzzFeed reported late Wednesday night.
The personal information reportedly includes customer names, the last four digits of credit card numbers, and order histories. It is being sold for about $2 a person and appears to have been uploaded in June and July.
An Instacart spokesperson told Business Insider the company is not aware of a data breach.
"We take data protection and privacy very seriously. As a part of this commitment, we have a dedicated security team as well as multiple layers of security measures across common vectors designed to protect the integrity of all user accounts," the spokesperson said.
"More broadly, outside of the Instacart platform, attackers may target individuals using phishing or credential stuffing techniques. In general, this type of activity can occur across the web when a person uses similar login credentials across various websites and apps. In instances where we believe a customer's account may have been compromised through an external phishing scam outside of the Instacart platform or other action, we proactively communicate to our customers to auto-force them to update their password."
Instacart has benefited from a boom in online grocery as many continue to stay at home amid the coronavirus pandemic. At the beginning of July, the company raised an additional $100 million in venture funding, adding to the $225 million it raised in June. It was valued at $13.8 billion in the most recent funding round.