The US-Based Home Chef Urges Clients to Change Passwords After a Data Breach Was Revealed

Home Chef Data Breach

We often talk about how important it is to act quickly in the aftermath of a data breach. Companies not only need to make sure that the cybercriminals have been successfully blocked and the security holes have been plugged, but they must also inform affected customers and transparently disclose the breach to the public. Incidents like the one that befell food delivery company Home Chef shows that we'll probably need to continue repeating all this.

Home Chef – one of Shiny Hunters' victims

In early May, a new group of cybercriminals caught security experts' attention. They call themselves Shiny Hunters, and they appear to have access to a large collection of stolen information, which they are trying to monetize. First, a database taken from a popular Indonesian website called Tokopedia was put up for sale. Next, they tried to shift 22 million records stolen from an online educational platform Unacademy, and a few days later, Shiny Hunters proved once again that they are not to be underestimated.

They went back to their favorite hacking forums and announced no fewer than 10 previously unreported data breaches. They didn't claim to be responsible for the attacks, but they did point out that they have the stolen databases, and they are willing to share them in exchange for some bitcoins.

Priced between $500 and $3,500 per data set, the leaked information had been stolen from various different organizations, and as you might imagine, Home Chef is one of them. The hackers pilfered a total of 8 million records from the food delivery network, and they want $2,500 for them. For that, buyers get a substantial database that includes names, emails, phone numbers, various bits of account-related information, as well as encrypted passwords and the last four digits of people's credit or debit cards. Unfortunately, the encryption algorithm protecting the passwords remains unknown for now.

Home Chef waited for close to two weeks before it disclosed the data breach

On the whole, the details around the attack against Home Chef are somewhat scarce, but some of you could argue that we're lucky to have even that. Shiny Hunters' wholesale first made the news on May 9, when Bleeping Computer reported on it. At the time, only one (a photo album vendor called ChatBooks) of the ten affected organizations admitted that it had been targeted by cybercriminals, and although the news website tried to get in touch with everyone involved, the other companies preferred not to answer their emails. Home Chef is the second member of this group to come clean about the breach, and the way it's done it highlights the enormous problem we have with data security incidents and their disclosure.

It's been almost exactly two weeks since Shiny Hunters first told us that Home Chef has been hacked. Only the hackers can say how many people have paid for the stolen data during this period, and even they can do little more than guess how many times it's been re-shared.

The fact that it was put up for sale is not something Home Chef likes to discuss with its users. In fact, the FAQ page the company put together offers very little in the way of information. It doesn't do a very good job of giving users a clear account of what's happened, but it does showcase how many clichés companies use after they've been hit by a data breach. The only positive thing about it is that it urges users to change their passwords out of an abundance of caution.

If you are a Home Chef user, it is indeed a good idea to do that. Here are the steps:

  1. Log into your Home Chef account
  2. Click the Account dropdown menu and select Account information
  3. Fill out the Change Your Password form
  4. Click Save Your Settings

Companies appear to be convinced that they can somehow save their faces if they share little or no information about cybersecurity incidents they've been through. In the end, however, the users are the ones who could end up on the wrong end of all the different attacks enabled by data breaches, and they have every right to know what they need to look out for. The delayed disclosure and the reluctance to share details do nothing more than put the user under additional risk, and this can't be beneficial for the company's reputation.

By Duran
May 21, 2020
News
English
May 21, 2020
News

Popular Posts

As Fears of the Coronavirus Pandemic Spread, So Does...

4 years ago

Microsoft Warns State-Backed Threat Actors Are Using AI in...

4 days ago

Trojan Al11 Malware Detection & Removal - An Essential...

11 months ago

Pinaview is a Fully-Featured Adware App

10 months ago

"Your iCloud is Being Hacked" and "Your iPhone has Been...

7 months ago

What is Lucky Ransomware?

7 months ago

Related Posts

News

T-Mobile Data Breach Forces Customers to Change Their Passwords

Over the weekend, T-Mobile customers started receiving text messages that got them quite worried. Their telecommunication provider had suffered a data breach, which resulted in unauthorized access to customer... Read more

November 26, 2019
News

NewsNow Urges All Users to Change Passwords NOW After Data Breach

Without using any official channels to announce the news to the world, NewsNow, a British news aggregator agency, sent out email notifications to their users saying that changing some passwords might be in order. The... Read more

September 28, 2018
News

Canva Users Are Advised to Change Their Passwords After a Data Breach

Learning that an online service with hundreds of millions of users has found itself on the receiving end of a cyberattack is never a good thing. However, many different factors regarding the nature of the breached... Read more

May 28, 2019
English
Loading...

Cyclonis Backup Details & Terms

The Free Basic Cyclonis Backup plan gives you 2 GB of cloud storage space with full functionality! No credit card required. Need more storage space? Purchase a larger Cyclonis Backup plan today! To learn more about our policies and pricing, see Terms of Service, Privacy Policy, Discount Terms and Purchase Page. If you wish to uninstall the app, please visit the Uninstallation Instructions page.

Cyclonis Password Manager Details & Terms

FREE Trial: 30-Day One-Time Offer! No credit card required for Free Trial. Full functionality for the length of the Free Trial. (Full functionality after Free Trial requires subscription purchase.) To learn more about our policies and pricing, see EULA, Privacy Policy, Discount Terms and Purchase Page. If you wish to uninstall the app, please visit the Uninstallation Instructions page.

Home

Products

Cyclonis Backup Cyclonis Password Manager Cyclonis World Time

Support

Help Files FAQs Downloads Inquiries & Support

Company

About Us Contact Us Report Abuse

Legal (Post Merger)

EnigmaSoft Limited (fka Cyclonis Limited)

Cyclonis Backup's Terms of Service Cyclonis Password Manager's EULA Cyclonis World Time's Terms of Service Privacy Policy Cookie Policy Special Discount Offer Terms Additional Terms & Conditions SpyHunter EULA RegHunter EULA EnigmaSoft Privacy Policy & Cookie Policy ESG Privacy Policy & Cookie Policy EnigmaSoft Discount Offer Terms ESG Discount Offer Terms

© 2017-2024 Cyclonis Ltd. CYCLONIS is a trademark of EnigmaSoft Limited (Cyclonis was merged into EnigmaSoft Limited effective November 25, 2023.) All rights reserved.

Registered Office EnigmaSoft Limited: 1 Castle Street, 3rd Floor, Dublin 2 D02 XD82, Ireland.
EnigmaSoft Limited, Private Company Limited by shares, Company Registration Number 597114.

Windows is a trademark of Microsoft, registered in the U.S. and other countries.
Mac, iPhone, iPad and App Store are trademarks of Apple Inc., registered in the U.S. and other countries.
iOS is a registered trademark of Cisco Systems, Inc. and/or its affiliates in the United States and certain other countries.
Android and Google Play are trademarks of Google LLC.