Thursday, April 3, 2025
HomeCyber AttackHome Chef Hacked - Hackers Selling 8M User Records on a Dark...

Home Chef Hacked – Hackers Selling 8M User Records on a Dark Web Marketplace

Published on

SIEM as a Service

Follow Us on Google News

Home Chef, a US-based meal kit delivery service suffers a data breach, hackers stolen more than 8 million customer records.

How are when the hack attack took place is unknown, the company is investigating the situation now.

Home Chef Hacked – What Data Impacted?

The hack impacts the following customer information

  • Email address, name, and phone number
  • Encrypted passwords
  • The last four digits of credit card numbers
  • Other account information such as frequency of deliveries and mailing address may also have been compromised

Home Chef is to notice the impacted customers, also the company confirms all the customers are not impacted.

If your account impacted in the breach then you will be getting notified, else the company will not alert you.

The protection of customer data is a top priority for Home Chef, and we work hard to safeguard our customers’ information.

Also, the company confirms that they do not store complete credit or debit card information.

We are taking action to investigate this situation and to strengthen our information security defenses to prevent similar incidents from happening in the future, reads FAQ published by the company.

Home Chef recommended you to reset the passwords by visiting their website, if you reuse the password then it is recommended to change with all the portals.

Learned that databases sold by Shiny Hunters contain 8 million user records for Home Chef.

Shiny Hunters started selling hacked databases that contain over 73.2 Million user records of 11 different companies over the dark web.

It all starts with the Tokopedia dump shared last week contains more than 90 million user records, followed by Unacademy dump and the hack of the Microsoft’s GitHub account.

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity and hacking news updates.

Gurubaran
Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Latest articles

Cisco AnyConnect VPN Server Vulnerability Allows Attackers to Trigger DoS

Cisco has disclosed a significant vulnerability in its AnyConnect VPN Server for Meraki MX and Z...

New Trinda Malware Targets Android Devices by Replacing Phone Numbers During Calls

Kaspersky Lab has uncovered a new version of the Triada Trojan, a sophisticated malware...

DarkCloud Stealer Uses Weaponized .TAR Archives to Target Organizations and Steal Passwords

A recent cyberattack campaign leveraging the DarkCloud stealer has been identified, targeting Spanish companies...

SonicWall Firewall Vulnerability Enables Unauthorized Access

Researchers from Bishop Fox have successfully exploited CVE-2024-53704, an authentication bypass vulnerability that affects SonicWall...

Supply Chain Attack Prevention

Free Webinar - Supply Chain Attack Prevention

Recent attacks like Polyfill[.]io show how compromised third-party components become backdoors for hackers. PCI DSS 4.0’s Requirement 6.4.3 mandates stricter browser script controls, while Requirement 12.8 focuses on securing third-party providers.

Join Vivekanand Gopalan (VP of Products – Indusface) and Phani Deepak Akella (VP of Marketing – Indusface) as they break down these compliance requirements and share strategies to protect your applications from supply chain attacks.

Discussion points

Meeting PCI DSS 4.0 mandates.
Blocking malicious components and unauthorized JavaScript execution.
PIdentifying attack surfaces from third-party dependencies.
Preventing man-in-the-browser attacks with proactive monitoring.

More like this

DarkCloud Stealer Uses Weaponized .TAR Archives to Target Organizations and Steal Passwords

A recent cyberattack campaign leveraging the DarkCloud stealer has been identified, targeting Spanish companies...

EvilCorp and RansomHub Collaborate to Launch Worldwide Attacks on Organizations

EvilCorp, a sanctioned Russia-based cybercriminal enterprise, has been observed collaborating with RansomHub, one of...

Hackers Exploit Cloudflare for Advanced Phishing Attacks

A sophisticated phishing campaign orchestrated by a Russian-speaking threat actor has been uncovered, revealing...