Over 250,000 Instacart Users’ Personal Data For Sale on the Dark Web

As of yesterday, information from what appears to be 278,531 Instacart accounts went up for sale on the dark web. While the situation is developing, at least two users have confirmed the legitimacy of the exposed data.

What information was exposed?

  • Names
  • Email addresses
  • Last four digits of credit card number
  • Order histories

What happened?

Instacart denies their systems have been breached but says they are reaching out to affected users, temporarily suspending those accounts, and forcing customers to change their password. “We are not aware of any data breach at this time. We take data protection and privacy very seriously,” a spokesperson for the company told BuzzFeed. “Outside of the Instacart platform, attackers may target individuals using phishing or credential stuffing techniques.”

Quit reusing weak passwords. Download Dashlane today and try Premium free for 30 days.

What is phishing?

Phishing is a type of email or text scam that entices recipients to click on a malicious link or attachment. A phishing email might trick the reader into logging in to a spoofed website in order to gain the victim’s username and password, or ask the target to download a fraudulent attachment, which is actually malware. These attacks are successful because the spoofed emails are often indistinguishable from legitimate emails, aside from small changes to the “from” field, the link URL, or the spoofed company’s website. Find out more about how to spot a phishing scam here.

What is credential stuffing?

Credential stuffing is a type of attack in which hackers use previously stolen account credentials (from a separate breach or hack) in an attempt to gain access to different accounts belonging to the same victims.

What is the best way to protect yourself from a credential stuffing attack?

Stop reusing the same passwords on multiple accounts. All your accounts—but especially those that store sensitive information like credit card or social security numbers—should be protected with strong, unique passwords. A strong password has a minimum of eight characters and includes a mix of uppercase letters, lowercase letters, numbers, and special characters. Here are some additional tips to help you get out of the habit of reusing passwords:

Use a password manager
The average person has over 100 accounts. That is too many complex, unique passwords for the human brain to remember. That’s where password managers, like Dashlane, can help. Dashlane has a built-in password generator to help you create strong passwords for new accounts and save them securely, plus in-app security alerts that notify you immediately when you need to change your passwords after a data breach.

Enable 2FA
You have the option to add extra protection with two-factor authentication (2FA), especially on sensitive apps like your social media and online banking accounts.

What can Dashlane users do?

Open Dashlane and run a dark web scan. Here’s how. Dashlane’s Dark Web Monitoring scans the web for leaked personal data and sends you alerts so you can take action to protect your accounts.

    Dashlane

    Dashlane is a mobile and desktop app that gives you a shortcut for everything you do online. Log in instantly, fly through forms, and breeze through checkouts on every device you own.

    Read More