Meal delivery service Home Chef discloses data breach

Pierluigi Paganini May 21, 2020

Meal delivery service Home Chef has confirmed that it recently suffered a security breach that exposed its customer information.

Meal delivery service Home Chef has disclosed a data breach that exposed its customer information. Home Chef also explained that only a portion ot its customers were impacted in the security incident.

In early May, Shiny Hunters hacking group started offering for sale the databases containing tens of millions from user records from over 11 companies.

Below the complete list published by BleepingComputer:

CompanyUser RecordsPrice
Tokopedia91 million$5,000
Home Chef8 million$2,500
Bhinneka1.2 million$1,200
Minted5 million$2,500
Styleshare6 million$2,700
Ggumim2 million$1,300
Mindful2 million$1,300
StarTribune1 million$1,100
ChatBooks15 million$3,500
The Chronicle Of Higher Education3 million$1,500
Zoosk30 million$500

At the time, the Shiny Hunters were offering more than 8 million records for $2500.

Now the company confirmed the data breach, saying that the incident has impacted select customer information.

Exposed data includes email addresses, names, phone numbers, hashed passwords, and the last four digits of credit card numbers.

“Was My Credit Card Information Compromised? Home Chef does not store complete credit or debit card information” reads the FAQ published by the company.

“Information such as frequency of deliveries and mailing address may also have been compromised,”.

Home Chef also underlined the fact that it does not store complete credit or debit card information. The company is investigating the incident and announced that it is taking action to strengthen its security defenses and prevent similar incidents in the future.

Although the company stores passwords in encrypted format, it recommends users to change the password in an abundance of caution following these process:

  1. Visit www.homechef.com
  2. Click on “Log in”
  3. Click on “Account Information”, which is located under the “Account” dropdown menu
  4. Complete the “Change Your Password” section and click “Save your settings.” There’s no need to adjust the other sections on the Account page (e.g. “Subscription”)

Home Chef users should remain vigilant against phishing attacks and suspicious activity in their accounts.

The company is notifying the incident to the impacted users.

[adrotate banner=”9″][adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – HomeChef, hacking)

[adrotate banner=”5″]

[adrotate banner=”13″]



you might also like

leave a comment