Alcohol delivery service Drizly confirms data breach – TechCrunch


Online alcohol delivery startup Drizly has told customers that it was hit by a data breach.

In an email to customers, obtained by TechCrunch, the company said that a hacker “obtained” some customer data. The hacker took customer email addresses, date-of-birth, passwords hashed using the stronger bcrypt algorithm and, in some cases, delivery address, the email read.

As many as 2.5 million Drizly accounts are believed to have been stolen. TechCrunch obtained a portion of the data, including several accounts of Drizly staff members. We verified the data against public records. The portion of data we obtained also contains user phone numbers, IP addresses and geolocation data associated with the user’s billing address.

Drizly did not say when the hack occurred or how many accounts were affected, but did advise users to change their passwords.

A spokesperson for Drizly told TechCrunch: “In terms of scale, up to 2.5 million accounts have been affected. Delivery address was included in under 2% of the records. And as mentioned in our email to affected consumers, no financial information was compromised.”

The company said that no financial data was taken in the breach. But a listing on a dark web marketplace from a well-known seller of stolen data claims otherwise.

Screen Shot 2020 07 28 at 2.54.01 PM

The listing was posted in February 2020. (Screenshot: TechCrunch)

The listing, which we are not linking to, claims to have “Fresh Hacked” [sic] Drizly accounts. The data is on sale for $14, at the time of writing. The seller did not say when the breach took place, but the listing appears to have been posted on February 13. Although no sample of data was offered, the listing claims to have valid Drizly credit card numbers and users’ order history.

Drizly has become one of the biggest online alcohol delivery services in the U.S. and Canada, raising over $68 million to date, rivaling Minibar and Delivery.com.

Updated with a statement from Drizly and included new information about the hashing algorithm, and further details from several records of the obtained breach data.



Source link

Recent articles

Commemorate Universal’s Halloween Horror Nights at Home With These NEW Face Masks!

If we’re honest, the cancellation of Universal’s Halloween Horror Nights broke our little fright night loving hearts this year! Tribute Store Even though we know...

Bank of America strategist: ‘I’m so bearish, I’m bullish’

Only on Wall Street would an investment research report titled, “I’m so bearish, I’m bullish”...

Genshin Impact PS4 Release Date to Land This Fall

The team at miHoYo is currently working on a gorgeous open-world action-RPG, Genshin Impact. PlayStation 4 players worldwide will be able to venture into...

Triumph preps to sell G650 and composites work as refocus continues | News

Aerospace supplier Triumph Group this week progressed with a plan to divest its aerostructures divisions, saying it has signed deals to sell business-jet...

Brent Scowcroft, a Force on Foreign Policy for 40 Years, Dies at 95

Long after his retirement, Mr. Scowcroft remained a pillar of the Republican national security establishment. In the run-up to the 2016 presidential election,...

Marvel’s Avengers Beta – New Gameplay Today Live

After years of anticipation, Marvel's Avengers is almost here. But before we get to the full release of Crystal Dynamics' take on Earth's...

Leave a reply

Please enter your comment!
Please enter your name here