- “Home Chef” has confirmed the validity of the “Shiny Hunters” sale, and admitted a breach.
- The meal-kit company hasn’t given many details about what has happened and when.
- Users are advised to reset their passwords and also to keep an eye on their bank account.
The meal kit and food delivery company “Home Chef” has announced a security incident that involves the private data of its customers. The firm suffered a data breach that impacted a subset of its users, according to the few details that were provided in the relevant announcement. It resulted in leaking their names, emails, phone numbers, delivery details like their home addresses, encrypted passwords, and the last four digits of the credit card numbers used for purchasing kits on the platform. Home Chef clarified that no full credit or debit card information was compromised, as they do not store this kind of data on their systems.
Still, the leaked details would be a small treasure in the hands of actors, as they are considered highly sensitive. For now, they are still investigating the incident and taking action to strengthen its security defenses. In the meantime, their customers are advised to reset their passwords, even though the accessed ones were encrypted. For those who lost their trust in the platform entirely, they may submit a request to have all their data deleted by filling out this form.
If you haven’t received a notifying email by Home Chef yet, chances are that you haven’t been exposed to hackers. Whatever the case, though, you should remain vigilant against phishing attempts, and you should monitor your bank account and check for any charges that you don’t recognize. Proactively resetting your password wouldn’t be a bad idea either, as you can never bee too cautious, really. Unfortunately, the accessed data is already available for purchase on a dark web marketplace, so there’s no question about whether it has been exfiltrated or not.
Home Chef was the second platform to admit a security incident after Chat Books, more than a week after “Shiny Hunters” offered user data of both for purchase on a dark web market. The packs of user records mostly concerned unannounced breaches, so this wasn’t very helpful in Home Chef’s effort to build trusty relationships with its customers. The eight million user records are sold for $2,500 - a relatively small cost to pay for the offered volume and type of information.