
280,000 Instacart Users' Data for Sale on the Dark Web

by Elizabeth Harper on July 23, 2020

With the threat of coronavirus, a lot of us have been grocery shopping via Instacart — which means our data may now be for sale on the dark web. BuzzFeed discovered the account information from nearly 280,000 Instacart users for sale online, and while Instacart has millions of users, that's a sizable number.

The data includes names, email addresses, the last four digits of credit card numbers and order history from June and July 2020 — some of it as recent as this Wednesday. Though this data may include duplicates or fake accounts, at least some of it is accurate: customers whose data is on sale have confirmed that their information and order history are correct.

However, Instacart claims it hasn't been hacked. Instead, it blames users for poor security practices, like reusing passwords or accidentally revealing their passwords in phishing attacks. That implies that the thieves used stolen passwords to log in to individual accounts and grab data. Because many of us reuse passwords, this is possible — but Instacart could also have taken more security precautions to help users protect their data. Supporting two-factor authentication, requiring additional account verification when an account is accessed from an unknown source, or emailing users when their account is accessed could have stopped (or at least slowed) this kind of data theft.
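The precautions named above, sketched from the service's side as an added example (not Instacart's code or anything from the original article): a correct password arriving from a source the account has never used gets held for a second check and triggers an email to the owner. The `Account` and `Decision` types, the function names, the device and network labels and the PBKDF2 iteration count are all assumptions made for illustration.

```python
import hashlib, hmac
from dataclasses import dataclass, field

def hash_password(password: str, salt: bytes) -> bytes:
    # Slow salted hash; the iteration count is an assumption for this example.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

@dataclass
class Account:
    email: str
    salt: bytes
    pw_hash: bytes
    known_sources: set = field(default_factory=set)  # (device_id, network) seen before

@dataclass
class Decision:
    outcome: str        # "deny", "allow" or "step_up"
    notify_owner: bool  # send a "new sign-in" email to the account address

def evaluate_login(acct: Account, password: str, device_id: str, network: str) -> Decision:
    """Decide what a password login may do, based on where it comes from."""
    if not hmac.compare_digest(hash_password(password, acct.salt), acct.pw_hash):
        return Decision("deny", notify_owner=False)
    if (device_id, network) in acct.known_sources:
        return Decision("allow", notify_owner=False)
    # Correct password from a source never seen on this account: the case a
    # reused or phished password produces. Hold the session until a second
    # check passes, and tell the owner.
    return Decision("step_up", notify_owner=True)

def complete_step_up(acct: Account, device_id: str, network: str, code_ok: bool) -> Decision:
    """Only a passed second check turns the new source into a trusted one."""
    if not code_ok:
        return Decision("deny", notify_owner=True)
    acct.known_sources.add((device_id, network))
    return Decision("allow", notify_owner=False)

def demo():
    # Constructed account and login attempts, for illustration only.
    salt = b"constructed-salt"
    acct = Account("user@example.com", salt, hash_password("reused-pw", salt),
                   {("phone-1", "home-isp")})
    owner = evaluate_login(acct, "reused-pw", "phone-1", "home-isp")
    thief = evaluate_login(acct, "reused-pw", "unknown-browser", "other-isp")
    blocked = complete_step_up(acct, "unknown-browser", "other-isp", code_ok=False)
    return owner, thief, blocked

if __name__ == "__main__":
    for decision in demo():
        print(decision)
```
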

Note that if you use Google or Facebook to log into Instacart and have two-factor authentication turned on for these accounts, your data should be safe. 

How to protect your data

Users can take action to protect their data in the future. Instacart claims affected users are required to create a new password before they log in next — but we recommend changing your password even if Instacart doesn't ask you to. When you change your password, make sure to use a strong one that you don't use on any other website. It can be tough to remember all of these passwords, so we suggest using a secure password manager to keep track and help generate strong, random passwords. And, if you use Google or Facebook to log into Instacart and don't have two-factor authentication (2FA) turned on, turn it on (here's how to turn on 2FA for Google and for Facebook).

It's also a good idea to keep an eye on data breaches so you know whether your passwords have been stolen. You can sign up for emails from Have I Been Pwned that will tell you when accounts with your information have been compromised in a data breach. If they are, you should change your password for the site (and any other sites using the same password) immediately. Many password managers and some browsers will also tell you when your passwords have been compromised, so it's easier than ever to keep tabs on your account security.

If websites offer two-factor authentication, which requires you to enter a password and verify your identity by a second method, you should use it. This often means entering a code from a text message or a security app when you enter your password, which makes it much more difficult for people to get into your accounts. You can easily check whether sites you use offer two-factor authentication by doing a simple search on TwoFactorAuth.org. Not many ecommerce sites offer it, but you should still check and set it up whenever it is available.

Even though full credit card numbers don't seem to be compromised in this Instacart breach, you should watch your credit card bill for fraudulent charges. (To make this easier, many companies let you sign up for alerts if they see a suspicious charge.) Any information hackers acquire can help them commit fraud, and it's better to be safe than sorry. If you see any unfamiliar charges, you should contact your credit card company immediately.

If your data has been stolen, there's no getting it back — but you can protect yourself from future theft. 


© Techlicious LLC.