Meal delivery service Home Chef discloses data breach

Meal delivery service Home Chef has confirmed that it recently suffered a security breach that exposed its customer information.

Meal delivery service Home Chef has disclosed a data breach that exposed its customer information. Home Chef also explained that only a portion ot its customers were impacted in the security incident.

In early May, Shiny Hunters hacking group started offering for sale the databases containing tens of millions from user records from over 11 companies.

Below the complete list published by BleepingComputer:

CompanyUser RecordsPriceTokopedia91 million$5,000Home Chef8 million$2,500Bhinneka1.2 million$1,200Minted5 million$2,500Styleshare6 million$2,700Ggumim2 million$1,300Mindful2 million$1,300StarTribune1 million$1,100ChatBooks15 million$3,500The Chronicle Of Higher Education3 million$1,500Zoosk30 million$500At the time, the Shiny Hunters were offering more than 8 million records for $2500.

Now the company confirmed the data breach, saying that the incident has impacted select customer information.

Exposed data includes email addresses, names, phone numbers, hashed passwords, and the last four digits of credit card numbers.

“Was My Credit Card Information Compromised? Home Chef does not store complete credit or debit card information” reads the FAQ published by the company.

“Information such as frequency of deliveries and mailing address may also have been compromised,”.

Home Chef also underlined the fact that it does not store complete credit or debit card information. The company is investigating the incident and announced that it is taking action to strengthen its security defenses and prevent similar incidents in the future.

Although the company stores passwords in encrypted format, it recommends users to change the password in an abundance of caution following these process:

Visit www.homechef.comClick on “Log in”Click on “Account Information”, which is located under the “Account” dropdown menuComplete the “Change Your Password” section and click “Save your settings.” There’s no need to adjust the other sections on the Account page (e.g. “Subscription”)Home Chef users should remain vigilant against phishing attacks and suspicious activity in their accounts.

The company is notifying the incident to the impacted users.

window._mNHandle = window._mNHandle || {};
window._mNHandle.queue = window._mNHandle.queue || [];
medianet_versionId = “3121199”;

try {
window._mNHandle.queue.push(function () {
window._mNDetails.loadTag(“762221962”, “300×250”, “762221962”);
catch (error) {}

Pierluigi Paganini

(SecurityAffairs – HomeChef, hacking)

The post Meal delivery service Home Chef discloses data breach appeared first on Security Affairs.