data breach
In early February 2023, Weee!, a prominent online grocery delivery service specializing in Asian and Hispanic foods, disclosed a significant data breach affecting its customers. The breach, which involved the exposure of Stripe payment logs and other sensitive information, has raised concerns among users and cybersecurity experts alike. With over 11.7 million individuals impacted, this incident has become one of the more substantial data breaches in recent years, highlighting vulnerabilities in online retail platforms.
Company Overview
Weee!, founded in 2015, has quickly grown to become one of the leading grocery delivery services in the United States, catering to a niche market by offering a wide selection of Asian and Hispanic products. Headquartered in Fremont, California, Weee! has capitalized on the growing demand for specialty foods, particularly among immigrants and food enthusiasts seeking authentic ingredients. With a strong online presence and efficient delivery service, the company has attracted millions of customers across the country.
Breach Details
The breach was first made public in February 2023, when the hacker known as IntelBroker posted the stolen data on a popular hacking forum. The compromised information included:
- Order Amount
- Order ID
- Card ID
- Card Information
- Postal Code
- Receipt URLs
The data exposed primarily covers transactions made between 2021 and 2022, affecting approximately 11,777,379 customers. Notably, the breach did not include actual payment card numbers, as Weee! has emphasized that they do not retain customer payment information in their databases.
The breach was severe enough to prompt a significant response from Weee!, which issued a public statement on their website to inform customers of the incident and the steps being taken to address it.