Alcohol e-commerce delivery startup firm Drizly informed its customers of its data breach. In an email to customers, the booze delivery app said approximately 2.5 million user data was affected.
Drizly is one of the biggest e-commerce platforms catering to alcohol delivery services. It currently provides its services to both the United States and Canada.
Having raised $68 million, this company is said to have rivaled the likes of Minibar and Delivery.com, particularly during this virus pandemic. Forbes reveals that the platform saw a 1700% increase in users in the spring of 2020, with brands partnering with the alcohol delivery service to boost sales.
Apart from customers, staff accounts were also obtained by hackers. Among the data mined by the breach were user phone numbers, email addresses, dates of birth, and passwords protected under hashed bcrypt algorithm, reports Tech Crunch.
2% of the data compromised by the hacking group were delivery addresses. However, a company representative told Tech Crunch that no financial or credit card information was obtained.
However, Tech Crunch states there are claims on the dark web marketplace from a recognized seller that there is credit card information compromised. The data for sale on the dark web retails for $14, although it has been posted on February 13, 2020.
While the hacker mined passwords, a company representative told Forbes that due to the protection via the Bcrypt encryption, “Drizly accounts should not be able to be accessed, though to be cautious we’ve encouraged users to nonetheless change their passwords.”
Tech Crunch, who has obtained a part of the data leak, however, verified the information against public records. Based on the cross-verification and research conducted by the Tech Crunch team, they found user phone numbers, as well as IP addresses and geolocation data.
Forbes states that the hacking incident was caused by ShinyHunters, reportedly part of a hacking spree conducted by the said group or individual. The hacker has claimed responsibility for 386 records from the 18 million data breaches this year, notes Forbes.
The e-commerce business only found out about the hacking incident on July 13, 2020. Following this, the alcohol delivery startup company immediately notified authorities regarding the breach. As of writing, the alcohol delivery company is working with federal law enforcement agencies to address the incident.
Besides working with the relevant authorities, Forbes states that the platform had already taken steps to boost its security lessen the risk of similar attacks in the future.