Home Chef data breach leaks 8 million user records to dark web

Home Chef lost the data of 8 million subscribers.
Image: Home Chef

Right now, more people are cooking at home than ever before. This means that meal delivery kit startups like Home Chef are seeing an influx of new subscribers. Unfortunately, that particular company has landed in hot water.

It just confirmed a massive data breach that leaked more than eight million customer records to the dark web. The breach reportedly occurred two weeks ago. As of now, Home Chef claims that not all users were affected and plans to reach out to those who were.

Soggy Security

Today’s digital world requires serious cybersecurity. Companies that don’t have it suffer from data breaches and expose the sensitive information of their customers to cybercriminals. It’s a bad look for those companies and can leave them struggling to recover depending on the extent of the breach. For startups, the stakes are even higher.

Manage your supply chain from home with Sourcengine

Home Chef disclosed the recent data breach in an email to its subscribers. It detailed that customer email addresses, names, and phone numbers were all compromised. In the wrong hands, that data can put people at higher risk for being targeted by phishing attacks and spam calls. Moreover, Home Chef notes that the last four digits of users’ credit cards were also stolen.

To make matters worse, the breach is surrounded by unknowns. The company claims that hackers may have gained access to things like physical mailing addresses, encrypted passwords, and information on the frequency of Home Chef deliveries.

The breach was originally reported on May 9 by Bleeding Computer in an article detailing that more than eight million Home Chef customer records were for sale on the dark web. Cybercriminals could reportedly purchase the trove of information for $2,500.

Home Chef reached out to customers following the breach, urging them to reset their passwords. A company spokesperson said in a statement, “We do not store complete credit or debit card information, nor maintain passwords in plain text. We are taking quick, aggressive actions to investigate this situation and prevent similar events from happening in the future.”

At this point, it remains unclear what sort of cybersecurity lapse led to the breach.

Painful Consequences

Users don’t appreciate it when a company fumbles their personal data. In a market as crowded as the home meal kit space, such a massive data breach could be debilitating. Customers could easily turn to one of Home Chef’s competitors for their meal deliveries.

On the bright side, Home Chef does have some significant support. The startup was acquired by Kroger in 2018. As such, it has the benefit of being backed by a much larger company.

Nonetheless, the optics aren’t good.

This breach serves as a reminder to all startups, large corporations, and individuals that cybersecurity should be a top priority.


Please enter your comment!
Please enter your name here