Meal delivery service Home Chef has disclosed a data breach that exposed its customer information. Home Chef also explained that only a portion ot its customers were impacted in the security incident.
In early May, Shiny Hunters hacking group started offering for sale the databases containing tens of millions from user records from over 11 companies.
Below the complete list published by BleepingComputer:
|Home Chef||8 million||$2,500|
|The Chronicle Of Higher Education||3 million||$1,500|
At the time, the Shiny Hunters were offering more than 8 million records for $2500.
Now the company confirmed the data breach, saying that the incident has impacted select customer information.
Exposed data includes email addresses, names, phone numbers, hashed passwords, and the last four digits of credit card numbers.
“Was My Credit Card Information Compromised? Home Chef does not store complete credit or debit card information” reads the FAQ published by the company.
“Information such as frequency of deliveries and mailing address may also have been compromised,”.
Home Chef also underlined the fact that it does not store complete credit or debit card information. The company is investigating the incident and announced that it is taking action to strengthen its security defenses and prevent similar incidents in the future.
Although the company stores passwords in encrypted format, it recommends users to change the password in an abundance of caution following these process:
Home Chef users should remain vigilant against phishing attacks and suspicious activity in their accounts.
The company is notifying the incident to the impacted users.
(SecurityAffairs – HomeChef, hacking)
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.