Instacart blames reused passwords for a recent series of data breaches

Monday 27 July 2020 13:44 CET | News

US-based grocery delivery and pick-up service company Instacart has stated that the reused passwords are to blame for a recent series of data breaches. 

According to, the personal data of hundreds of thousands of Instacart customers was stolen and put up for sale on the dark web. However, the company stated that its investigation showed that Instacart ‘was neither compromised nor violated’ and it appears that third-parties were enabled to use usernames and passwords that were compromised in previous data breaches from other websites and applications to log in to some of Instacart’s accounts.

Moreover, it was reported that Instacart doesn’t support two-factor authentication (2FA), which – if customers had enabled it – would have prevented hackers from stealing their data, as a research released by Google shows that even the two most basic factors can prevent the majority of automatic credential stuffing attacks.

Furthermore, when asked about plans of implementing 2FA, the company had no comment on the record beyond pointing to Instacart’s already released statement.

Overall, the company claims that security is one of its top priorities and that it has a dedicated security team, as well as multiple layers of security measures to protect the integrity of all customer accounts and data. However, without giving users basic security features like 2FA, its consumers aren’t able to properly protect their accounts, reported.

More: Link

Free Headlines in your E-mail

Every day we send out a free e-mail with the most important headlines of the last 24 hours.

Subscribe now

Keywords: Instacart, US, reused passwords, data breaches, dark web, third-parties, two-factor authentication, 2FA, Google
Categories: Fraud & Financial Crime
Countries: United States
This article is part of category

Fraud & Financial Crime

Industry Events