Just as Chicago can’t go a whole week without a gang-related shooting, there’s another data breach in the news, sadly this data breach happened down the road from InfoSec News’ office in Chicago Illinois.
In a security alert posted on Home Chef’s website on Wednesday, May 20th, the Chicago-based, Kroger owned meal company had learned of a data breach and the following was stolen, email address, name and phone number, encrypted passwords, The last four digits of credit card numbers and other account information such as frequency of deliveries and mailing address may also have been compromised in the data breach.
Home Chef reports that it does not store complete credit or debit card information and “Protection of customer data is a top priority for Home Chef, and we work hard to safeguard our customers’ information”
The Home Chef data breach statement continues “We are taking action to investigate this situation and to strengthen our information security defenses to prevent similar incidents from happening in the future.”
In early May 2020, BleepingComputer reported a hacking group known as Shiny Hunters were selling over 70 million user records from eleven different companies on a dark web hacking marketplace which included eight million records for Home Chef, the asking price for Home Chef’s list was a mere $2,500.00
While the Home Chef passwords were encrypted, Home Chef recommends their users to change their password in an abundance of caution. InfoSec News recommends all users to seriously consider purchasing and using a password manager like KeePass, LassPass or 1Password to both safely store and create long, complex, hard to crack passwords.
Home Chef was founded in the summer of 2013 by Pat Vihtelic (Now Home Chef’s CEO) who taught himself to code, built a website, and quit his job as an investment banker. Last year, Home Chef delivered over 10 million meals and expanded its delivery to cover more than 97% of the U.S. population.
In May 2018, Cincinnati-based Kroger (NYSE: KR), the nation’s largest operator of traditional supermarkets, agreed to buy Chicago-based Home Chef in a deal worth as much as $700 million.