Skip to main content
close search
site logo
Dive Brief

Instacart boosts security for shoppers after breach

Published Aug. 25, 2020
Jessica Dumont's headshot
Jessica Dumont Contributor
Instacart grocery delivery
Courtesy of Instacart

First published on

Grocery Dive

Dive Brief:

  • Instacart has disclosed a security incident in which two employees of a third-party vendor reviewed more shopper profiles than necessary for their work in tech support, according to a company blog post. Instacart discovered the breach during a routine audit.
  • Instacart's investigation found the information viewed by these individuals may have included names, email addresses, phone and driver's license numbers. None of the data was downloaded or digitally copied, and no customer information or profiles were accessed in the incident.
  • About 2,180 Instacart shoppers came into contact with the vendor's agents, and Instacart has offered all of them two years of free credit monitoring as a precautionary measure. The company has suspended work at the third-party location for the time being.

Dive Insight:

Instacart's second security issue this year reveals the downsides to an industry growing more reliant on e-commerce. 

The current incident has prompted the grocery delivery service to add additional security procedures for its shoppers, who already have extensive authentication measures in place. It first will add a new support process dedicated to shoppers who think they may be impacted by the incident or anyone who has questions about security and their account. In the coming months, Instacart will also expand the use of two-factor authentication to more features within the shopper app. 

This follows another round of new security measures that Instacart recently added for shoppers, including random shopper ID verification, automatic logouts and more secure logins. Instacart has also banned device switching so shoppers can't swap devices in the middle of an order. 

This past July hackers put up for sale information on more than 278,000 Instacart accounts on the dark web. Names, delivery addresses and the last four digits of users' credit cards were compromised, but Instacart said its actual platform was not compromised or breached. It has since notified customers and invalidated their own passwords, asking them to set new ones. The company said it cannot control attackers that may target individuals outside of its platform using phishing or credential stuffing techniques. It happens more frequently when someone uses the same information to log in across different websites and apps. 

Customer data is increasingly vulnerable as more people buy online and use different grocery services. In May, Kroger's Home Chef meal service experienced a data security breach that exposed customer names, emails and passwords. Last year, Hy-Vee experienced a major incident that compromised customers' credit card information.

Filed Under: Technology

Editors' picks

Company Announcements

View all | Post a press release
OluKai Opens First East Coast Location at Disney Springs, Florida
From OluKai
November 21, 2024
Alejandro Betancourt López and the Future of Retail
From Hawkers Sunglasses
November 13, 2024
New report profiles America's biggest Christmas gifters
From YouGov America
November 14, 2024
Instant unveils Grid: Bringing Canva-like design capabilities to building for Shopify
From Instant Page Builder
November 20, 2024
Editors' picks
Latest in Technology
image/svg+xml
Industry Dive is an Informa business
© 2024 Industry Dive. All rights reserved. | View our other publications | Privacy policy | Terms of use | Take down policy.
Cookie Preferences / Do Not Sell