Alcohol delivery service Drizly confirms data breach

by
Zack Whittaker
from Crunch Hype on (#568QS)

Online alcohol delivery startup Drizly has told customers that it was hit by a data breach.

In an email to customers obtained by TechCrunch, the company said that a hacker obtained" some customer data. The hacker took customer email addresses, date-of-birth, passwords hashed using the stronger bcrypt algorithm, and in some cases delivery address, the email read.

As many as 2.5 million Drizly accounts are believed to have been stolen. TechCrunch obtained a portion of the data, including several accounts of Drizly staff members. We verified the data against public records. The portion of data we obtained also contains user phone numbers, IP addresses, and geolocation data associated with the user's billing address.

Drizly did not say when the hack occurred or how many accounts were affected, but did advise users to change their passwords.

A spokesperson for Drizly told TechCrunch: In terms of scale, up to 2.5 million accounts have been affected. Delivery address was included in under 2% of the records. And as mentioned in our email to affected consumers, no financial information was compromised."

The company said that no financial data was taken in the breach. But a listing on a dark web marketplace from a well-known seller of stolen data claims otherwise.

Screen-Shot-2020-07-28-at-2.54.01-PM.jpg

The listing was posted in February 2020. (Screenshot: TechCrunch)

The listing, which we are not linking to, claims to have fresh hacked" [sic] Drizly accounts. The data is on sale for $14, at the time of writing . The seller did not say when the breach took place, but the listing appears to have been posted on February 13. Although no sample of data was offered, the listing claims to have valid Drizly credit card numbers and users' order history.

Drizly has become one of the biggest online alcohol delivery services in the U.S. and Canada, raising over $68 million to date, rivaling Minibar and Delivery.com.

Updated with a statement from Drizly and included new information about the hashing algorithm, and further details from several records of the obtained breach data..

Techcrunch?d=2mJPEYqXBVI Techcrunch?d=7Q72WNTAKBA Techcrunch?d=yIl2AUoC8zA Techcrunch?i=OulHDjy1Fig:4NXWxm7Offc:-BT Techcrunch?i=OulHDjy1Fig:4NXWxm7Offc:D7D Techcrunch?d=qj6IDK7rITsOulHDjy1Fig
External Content
Source RSS or Atom Feed
Feed Location http://feeds.feedburner.com/TechCrunch/
Feed Title Crunch Hype
Feed Link https://techncruncher.blogspot.com/
Reply 0 comments