The personal details of the Instacart customers are sold on dark web conatining the last four digits of credit card numbers, and order histories. The information is being sold by sellers on two dark wen stores and has impacted “millions of customers across the US and Canada,” according to a company spokesperson.
The names, credit card numbers, and order histories of Instacart customers are being sold online without their knowledge https://t.co/Ao96WwaHm3
— BuzzFeed News (@BuzzFeedNews) July 23, 2020
Experts Comments
The reporting suggests this data is definitely legitimate.
The reporting suggests this data is definitely legitimate. If there was a breach of this size that occurred — and all signs suggest that it has — it shows how vulnerable cloud data and infrastructure is if not properly managed. This should call into question what cybersecurity decisions are being made while building and creating cloud services for consumers. With a proper cybersecurity program leveraging appropriate (and very accessible) monitoring and reporting tools, this type of breach.....Read More
It’s possible that Instacart has unknowningly suffered a breach.
Attribution is a common problem for data posted for sale on dark web forums. It’s possible that Instacart has unknowningly suffered a breach, but it’s also possible that the leak came from a third party with access to Instacart’s data. The unfortunate thing is that most organizations do not have good enough insight to how their data is accessed or where it may have proliferated to. Even if Instacart’s main service has not been compromised, it’s possible that a development or support.....Read More
This is especially true for credit cards that have been used to order anything online.
The Instacart breach serves as a reminder to all credit card users to keep an eye on all of their credit card accounts for unusual activity. This is especially true for credit cards that have been used to order anything online. If you see any unusual activity on your credit card statements, immediately call your card issuers to dispute the charges and to receive a new card. It is also wise to invest in credit monitoring services to warn you of any possible identity theft attempts.
Google and Facebook appear to have strong account password policies and protections
"From the information that has been released thus far, we know that Instacart allows users to use three possible methods of authentication: an Instacart account, Google, and Facebook. While Google and Facebook appear to have strong account password policies and protections, Instacart’s password policy only requires 6 characters. This is below the industry standard and is considered a weak password policy. I don’t believe phishing is a likely attack vector in this case, as it would take much .....Read More
Dot Your Expert Comments
Only for registered and approved experts. Please register before providing comments. Register here
Linkedin Message
@Chloé Messdaghi, VP of Strategy, provides expert commentary for "dot your expert comments" at @Information Security Buzz.
"These are historic times and some bad actors are driven to these types of attacks by urgent financial need. ..."
#infosec #cybersecurity #isdots
https://informationsecuritybuzz.com/expert-comments/expert-insight-on-instacart-customers-personal-data-sold-on-dark-web
Facebook Message
@Chloé Messdaghi, VP of Strategy, provides expert commentary for "dot your expert comments" at @Information Security Buzz.
"These are historic times and some bad actors are driven to these types of attacks by urgent financial need. ..."
#infosec #cybersecurity #isdots
https://informationsecuritybuzz.com/expert-comments/expert-insight-on-instacart-customers-personal-data-sold-on-dark-web