Meal delivery service Home Chef discloses data breach

Meal delivery service Home Chef has confirmed that it recently suffered a security breach that exposed its customer information.

Meal delivery service Home Chef has disclosed a data breach that exposed its customer information. Home Chef also explained that only a portion ot its customers were impacted in the security incident.

In early May, Shiny Hunters hacking group started offering for sale the databases containing tens of millions from user records from over 11 companies.

Below the complete list published by BleepingComputer:

Company	User Records	Price
Tokopedia	91 million	$5,000
Home Chef	8 million	$2,500
Bhinneka	1.2 million	$1,200
Minted	5 million	$2,500
Styleshare	6 million	$2,700
Ggumim	2 million	$1,300
Mindful	2 million	$1,300
StarTribune	1 million	$1,100
ChatBooks	15 million	$3,500
The Chronicle Of Higher Education	3 million	$1,500
Zoosk	30 million	$500

At the time, the Shiny Hunters were offering more than 8 million records for $2500.

Now the company confirmed the data breach, saying that the incident has impacted select customer information.

Exposed data includes email addresses, names, phone numbers, hashed passwords, and the last four digits of credit card numbers.

“Was My Credit Card Information Compromised? Home Chef does not store complete credit or debit card information” reads the FAQ published by the company.

“Information such as frequency of deliveries and mailing address may also have been compromised,”.

Home Chef also underlined the fact that it does not store complete credit or debit card information. The company is investigating the incident and announced that it is taking action to strengthen its security defenses and prevent similar incidents in the future.

Although the company stores passwords in encrypted format, it recommends users to change the password in an abundance of caution following these process:

1. Visit www.homechef.com
2. Click on “Log in”
3. Click on “Account Information”, which is located under the “Account” dropdown menu
4. Complete the “Change Your Password” section and click “Save your settings.” There’s no need to adjust the other sections on the Account page (e.g. “Subscription”)

Home Chef users should remain vigilant against phishing attacks and suspicious activity in their accounts.

The company is notifying the incident to the impacted users.

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – HomeChef, hacking)

[adrotate banner=”5″]

[adrotate banner=”13″]