The US-based meal kit and food delivery service Home Chef has announced that it suffered a data breach after a hacker sold 8m of its user records on the dark web.
As reported by BleepingComputer, a hacking group called Shiny Hunters was recently selling the user records of eleven companies on a dark web marketplace from $500 to $5,000 depending on the number of records each database contained.
Home Chef was one of the eleven companies and the hackers claimed to have 8m of its user records available for sale for just $2,500. They also provided a sample of the type of information available in the database for potential buyers.
This information included users’ email addresses, encrypted passwords, the last for digits of their credit cards, gender, age, subscription information and more.
Home Chef data breach
Home Chef has now officially acknowledged that it suffered a data breach in a data security incident notice posted on its web site, which reads:
“Protection of customer data is a top priority for Home Chef, and we work hard to safeguard our customers’ information. We recently learned of a data security incident impacting select customer information, including names and emails, as well as limited customer account information and encrypted passwords. We are taking action to investigate this situation and to strengthen our information security defenses to prevent similar incidents from happening in the future.”
According to Home Chef, affected customers’ had their email addresses, names, phone numbers, encrypted passwords and the last four digits of their credit card numbers exposed. Other account information such as frequency of deliveries and mailing addresses may have also been compromised.
Although the passwords leaked in the data breach were encrypted, hackers could still be able to decrypt them which is why all Home Chef customers should change their passwords immediately.