The Weee! Asian and Hispanic food delivery service suffered a data breach exposing the personal information of 1.1 million customers.
Weee! claims to be the largest Asian and Hispanic grocery store in North America, delivering food across 48 states in the USA via warehouses spread throughout the country.
On Monday, a threat actor named 'IntelBroker' began leaking the data for Weee! on the Breached hacking and data breach forum.
According to the forum post, "In February 2023, a database of 11 million customers belonging to the Sayweee was stolen by hackers."
Source: BleepingComputer
The leaked database contains Weee! customers' first and last names, email addresses, phone numbers, device type (iOS/PC/Android), order notes, and other data the delivery platform uses.
After contacting Weee! about the breach, the company confirmed to BleepingComputer that customer information was stolen in the data breach.
"We recently became aware of a data breach that has affected some customer information," reads the complete statement from Weee!.
"We can confirm that no customer payment data was exposed as Weee!, does not retain any customer payment information in our databases. For customers that placed an order between July 12, 2021 and July 12, 2022, information such as name, address, email addresses, phone number, order number and order comments may have been impacted."
"We have notified all customers of the issue and will be notifiying all impacted customers individually if their information was exposed."
"Security is a top priority for us and we are undertaking a thorough review to ensure we continue to deliver on the trust the Weee! Community places in us."
However, Weee! stresses that payment information was not exposed as they do not retain that data in their database.
While the threat actor stated the leak contains 11 million customers, Troy Hunt of the Have I Been Pwned data breach notification service told BleepingComputer that the leaked data only includes 1.1 million unique email addresses.
The additional records are likely caused by the same customer placing multiple orders.
To check if your information was exposed in this breach, you can search for your email address on Have I Been Pwned later today after the data is added.
Once the data is added to Have I Been Pwned, existing members of the notification service will automatically be notified of the data breach via email.
Comments
sun-devil99 - 1 year ago
With the amount and frequency of Data Breaches these days it is getting to the point where people are no longer surprised and don't even pay attention to the news of these anymore. This is getting out of hand. My doctor got hit a couple years ago...likely ransomware and they lost everything. The only way I found out was I just happened to have had an appointment a few days after the incident. It took them six-months to formally admit something had happened (and of course offer a free ID protection service for a few months). They only sent a letter to me even though my parents were patients of the same doctor.
xafase - 1 year ago
And until companies are punished for allowing it, it will continue to happen.
NoneRain - 1 year ago
They're punished....
cosmixfrost - 1 year ago
In January, my wife received a suspicious text pretending to be a wrong number. It was in Chinese, my wife replied saying they have the wrong number. The person then replied saying something along the lines of "what fortune to have accidentally messaged someone who also speaks Chinese". After that I told her it was a phishing attempt and to be careful. She replied a couple of times to see what they wanted and ultimately concluded it was a scam. A few days later I received a similar text.
I suspected one of the Asian grocery apps we use got hacked and they were using the data to target the customers. Now I know it was Weee!