Should I Worry About Instacart Data Leaks?
If you are an Instacart shopper, hackers can sell your data online. According to a recent Buzzfeed report, 278,531 Instacart accounts are being sold in at least two hacking communities for as little as $ 2 apiece. Each account includes full names, the last four digits of credit card numbers, and order history. The lists appeared back in April and were constantly updated with new accounts – most recently.
Instacart denies that its database has been compromised, noting that if it is compromised, it will immediately inform its users and automatically force them to change their passwords to prevent unwanted access. However, Buzzfeed spoke to several people who were leaked. These users have confirmed that the information offered by these dark web sellers is correct, but stated that Instacart has never contacted them or reset their passwords automatically.
This means that Instacart is either lying about the hack, never discovered it, or nearly 300,000 Instacart users have suffered from various external phishing attacks. However, all three scenarios end up with the same end result: Instacart account credentials are stolen and sold online, and users need to make sure their accounts are safe. This includes:
- Updating passwords starting with the affected account and then repeating for any accounts associated with it and / or accounts using the same password. (Remember to always make all your new passwords unique .)
- Enabling two-factor authentication and any other login security options.
- Use an encrypted password manager to easily and securely store your login information.
- Check and update any other affected accounts and email addresses with Have I Been Pwned .
- Tracking suspicious financial activity and unauthorized account logins.
- Contact your bank immediately if you see unrecognized transactions.
While Instacart users probably don’t need to take more drastic measures than these, I will continue to monitor suspicious allegations over the next few months. You don’t have to scan them every day, but it would be a good idea to check their associated credit card bills every month when you pay your bill.
As always, make sure you do your best to avoid installing sketchy apps and browser extensions, visiting websites that aren’t what you think, or responding to fake emails with your real information. Phishing attacks can be sophisticated , but you can defeat most of them with a little common sense.