Instacart Denies Report That User Data Is Being Sold Online
The personal information reportedly “includes customer names, the last four digits of credit card numbers, and order histories,” wrote Business Insider. “It is being sold for about $2 a person and appears to have been uploaded in June and July.”
An Instacart spokesperson told Business Insider that the company is not aware of a data breach. "We take data protection and privacy very seriously. As a part of this commitment, we have a dedicated security team as well as multiple layers of security measures across common vectors designed to protect the integrity of all user accounts," the spokesperson said.
"More broadly, outside of the Instacart platform, attackers may target individuals using phishing or credential stuffing techniques. In general, this type of activity can occur across the web when a person uses similar login credentials across various websites and apps. In instances where we believe a customer's account may have been compromised through an external phishing scam outside of the Instacart platform or other action, we proactively communicate to our customers to auto-force them to update their password,” the spokesperson continued.
Business Insider wrote that “Instacart has benefited from a boom in online grocery as many continue to stay at home amid the coronavirus pandemic.” At the beginning of July, Instacart raised an additional $100 million in venture funding, and was valued at $13.8 billion in the most recent funding round.