US-based meal kit and food delivery service, Home Chef confirms data breach after 8 million user records were sold by a hacker on a dark web marketplace.
Home Chef user records were included in the databases which were being sold by the hacking group called Shiny Hunters on the dark web. The hacker was selling this database for $2,500 and he provided a sample of the information in the database table.
The leaked information includes user’s email, encrypted password, last four digits of the credit card, gender, age, subscription information etc.
Home Chef has officially disclosed the data breach in a “Data security incident” notice posted to their web site and that they stated that the notification was related to the database that was being sold online.
According to the notice, the company considers protection of their customer data as a top priority and that they would work hard to protect their customers’ information.
Home Chef assured that they do not store complete payment information of their users and that only the last four digits of the customer’s credit card was accessed.
Even though the leaked passwords in this data breach were encrypted, it is very easy for the attackers to decrypt the password.
So, the Home Chef customers are advised to immediately change their password to a strong and unique one. Also, change the password if it is used in other sites as well.