Saturday, April 5, 2025
HomeCyber AttackHome Chef Hacked - Hackers Selling 8M User Records on a Dark...

Home Chef Hacked – Hackers Selling 8M User Records on a Dark Web Marketplace

Published on

SIEM as a Service

Follow Us on Google News

Home Chef, a US-based meal kit delivery service suffers a data breach, hackers stolen more than 8 million customer records.

How are when the hack attack took place is unknown, the company is investigating the situation now.

Home Chef Hacked – What Data Impacted?

The hack impacts the following customer information

  • Email address, name, and phone number
  • Encrypted passwords
  • The last four digits of credit card numbers
  • Other account information such as frequency of deliveries and mailing address may also have been compromised

Home Chef is to notice the impacted customers, also the company confirms all the customers are not impacted.

If your account impacted in the breach then you will be getting notified, else the company will not alert you.

The protection of customer data is a top priority for Home Chef, and we work hard to safeguard our customers’ information.

Also, the company confirms that they do not store complete credit or debit card information.

We are taking action to investigate this situation and to strengthen our information security defenses to prevent similar incidents from happening in the future, reads FAQ published by the company.

Home Chef recommended you to reset the passwords by visiting their website, if you reuse the password then it is recommended to change with all the portals.

Learned that databases sold by Shiny Hunters contain 8 million user records for Home Chef.

Shiny Hunters started selling hacked databases that contain over 73.2 Million user records of 11 different companies over the dark web.

It all starts with the Tokopedia dump shared last week contains more than 90 million user records, followed by Unacademy dump and the hack of the Microsoft’s GitHub account.

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity and hacking news updates.

Gurubaran
Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Latest articles

Ivanti Fully Patched Connect Secure RCE Vulnerability That Actively Exploited in the Wild

Ivanti has issued an urgent security advisory for CVE-2025-22457, a critical vulnerability impacting Ivanti...

Beware! Weaponized Job Recruitment Emails Spreading BeaverTail and Tropidoor Malware

A concerning malware campaign was disclosed by the AhnLab Security Intelligence Center (ASEC), revealing...

EncryptHub Ransomware Uncovered Through ChatGPT Use and OPSEC Failures

EncryptHub, a rapidly evolving cybercriminal entity, has come under intense scrutiny following revelations of...

PoisonSeed Targets CRM and Bulk Email Providers in New Supply Chain Phishing Attack

A sophisticated phishing campaign, dubbed "PoisonSeed," has been identified targeting customer relationship management (CRM)...

Supply Chain Attack Prevention

Free Webinar - Supply Chain Attack Prevention

Recent attacks like Polyfill[.]io show how compromised third-party components become backdoors for hackers. PCI DSS 4.0’s Requirement 6.4.3 mandates stricter browser script controls, while Requirement 12.8 focuses on securing third-party providers.

Join Vivekanand Gopalan (VP of Products – Indusface) and Phani Deepak Akella (VP of Marketing – Indusface) as they break down these compliance requirements and share strategies to protect your applications from supply chain attacks.

Discussion points

Meeting PCI DSS 4.0 mandates.
Blocking malicious components and unauthorized JavaScript execution.
PIdentifying attack surfaces from third-party dependencies.
Preventing man-in-the-browser attacks with proactive monitoring.

More like this

State Bar of Texas Confirms Data Breach, Begins Notifying Affected Consumers

The State Bar of Texas has confirmed a data breach following the detection of...

Hackers Use URL Shorteners and QR Codes in Tax-Themed Phishing Attacks

As the United States approaches Tax Day on April 15, cybersecurity experts have uncovered...

Hackers Exploit Fast Flux to Evade Detection and Obscure Malicious Servers

Cybersecurity agencies worldwide have issued a joint advisory warning against the growing threat posed...