As hackers sell 8 million user records, Home Chef confirms data breach

Graham CLULEY

May 22, 2020

Meal kit and food delivery company Home Chef has confirmed that hackers breached its systems, making off with the personal information of customers.

Quite how the hackers breached Home Chef’s systems is unclear. In its own FAQ about the security breach, the business shares no details other than to say that it “recently learned of a data security incident impacting select customer information.”

However, earlier this month – weeks before Home Chef went public about its security breach – Bleeping Computer reported that the company was one of eleven whose breached data was being offered for sale on a dark web marketplace.

According to Lawrence Abrams of Bleeping Computer, the ShinyHunters hacking gang were offering eight million user records from Home Chef for $2,500.

ShinyHunters was offering for sale millions of stolen records from the Zoosk dating app, the photo book-making firm Chatbooks, the online art and design marketplace Minted, and others.

It seems natural to assume that Home Chef was not aware that it had suffered a data breach until cybersecurity journalists started writing about ShinyHunters’ attempt to sell the data on the underground marketplace.

According to Home Chef, information accessed by the hackers included customers’ email addresses, names, gender, phone numbers, the last four digits of credit card numbers, and “encrypted” passwords.

Quite what Home Chef means by “encrypted” passwords is unclear, as the firm does not specify what encryption algorithm had been used (some are more resistant to cracking than others) and whether the data had been hashed (with a judicious sprinkling of salt) beforehand.

My feeling is that, particularly when breached companies seem reticent to share details of how their passwords were being stored, it is best to assume the worst – which means not only changing your password on that particular site, but also ensuring that you are not using that same password anywhere else on the internet.

And, obviously, make sure that any password you choose is not just unique, but also strong and hard to crack. A password manager is typically much better at generating (and indeed remembering!) hard-to-crack passwords than the human brain.

Home Chef says that it is contacting affected customers, strengthening its security systems, and sensibly is advising customers to change their passwords. In addition, if you have ever used Home Chef, you would be wise to keep an eye open for suspicious communications, which might be phishing attacks exploiting the breached data.
