Exploit: Unauthorized Database Access
Instacart: Grocery Delivery Service
Risk to Small Business: 2.571 = Moderate
Instacart suffered a data breach last week. Maybe. Multiple reliable news outlets are reporting that Instacart had a breach, with records for hundreds of thousands of users in the US and Canada discovered as exposed on the Dark Web. Instacart denies that it had a security breach. Instead, Instacart said in a corporate statement that third-party bad actors were able to use “a few” usernames and passwords that were compromised in previous data breaches of other websites and apps to log in to some Instacart accounts and access basic customer account information such as first name, address, last order, total order number, and in some cases, the last four digits of a customer’s credit card.
Individual Risk: 2.823 = Moderate
No financial information was reported stolen, but sensitive health data may have been compromised. Affected users should be alert for potential spear phishing attempts or blackmail using this data.
Customers Impacted: 278,531
How it Could Affect Your Customers’ Business: Credential compromise from other sources is a problem for every business. With so many login and password combinations to keep track of these days, password recycling is common – and dangerous.