Home Chef, the Chicago-based meal kit and food delivery company, announced a data breach after a hacker sold information on its 8 million customers on a dark web marketplace, according to Bleeping Computer.
The site reported that Shiny Hunters, a hacking group, was selling the Home Chef user records for $2,500. They provided a sample showing the type of information in the database. It includes the user’s name, email address, phone number, encrypted password, last four digits of their credit card, gender, age, home address and subscription information, such as frequency of deliveries.
In response to a request for comment from PYMNTS, Home Chef sent a link to its Q&A page about the breach.
“Protection of customer data is a top priority for Home Chef, and we work hard to safeguard our customers’ information,” the statement said. “We recently learned of a data security incident impacting select customer information ... We are taking action to investigate this situation and to strengthen our information security defenses to prevent similar incidents from happening in the future.”
Home Chef said it only keeps the last four digits of a customer’s credit card number because it does not store complete payment information in its databases.
Bleeping Computer reported the meal kit company did not say whether the data breach notification is related to its database being sold.
While the passwords leaked in this data breach were encrypted, the report said, cybercriminals can use programs to reveal them.
Home Chef customers are advised to change their password to a strong and unique one. If that original password was used on other sites, security experts recommend passwords be changed on those sites as well.
When changing passwords, users should be sure to use a unique and strong password at every site so that a data breach does not affect their account at other companies, the computer security site said.