According to upnewsinfo.com, the personal data of hundreds of thousands of Instacart customers was stolen and put up for sale on the dark web. However, the company stated that its investigation showed that Instacart ‘was neither compromised nor violated’ and it appears that third-parties were enabled to use usernames and passwords that were compromised in previous data breaches from other websites and applications to log in to some of Instacart’s accounts.
Moreover, it was reported that Instacart doesn’t support two-factor authentication (2FA), which – if customers had enabled it – would have prevented hackers from stealing their data, as a research released by Google shows that even the two most basic factors can prevent the majority of automatic credential stuffing attacks.
Furthermore, when asked about plans of implementing 2FA, the company had no comment on the record beyond pointing to Instacart’s already released statement.
Every day we send out a free e-mail with the most important headlines of the last 24 hours.
Subscribe now
We welcome comments that add value to the discussion. We attempt to block comments that use offensive language or appear to be spam, and our editors frequently review the comments to ensure they are appropriate. If you see a comment that you believe is inappropriate to the discussion, you can bring it to our attention by using the report abuse links. As the comments are written and submitted by visitors of the Telecompaper website, they in no way represent the opinion of Telecompaper.