Weee! a U.S based online grocery delivery platform has disclosed a data breach affecting nearly 1.1 million customers.
Its delivering food across 48 states in the USA via warehouses spread throughout the country. Its delivery app has been downloaded over 2.6M times.
A threat actor named IntelBroker posted the database on BreachForums. Security researcher Troy Hunt of Have I Been Pwned, a data breach notification service, confirmed that the leaked data only includes 1.1 million unique email addresses. The additional entries are likely due to multiple orders placed by the same customer.
The leak contains information such as Weee! customers’ PII that includes first and last names, email addresses, phone numbers, device platform, order notes, dates. It also included delivery notes that customers of Weee! left for couriers, such as codes to enter residential or office buildings.
Weee! statement says, it is aware that a data breach has affected some of its customers. They also confirmed that the breach did not impact user financial data, as the online grocery delivery platform does not retain any payment details. Customers that placed an order between July 12, 2021, and July 12, 2022, may have impacted.
Weee! has notified all customers of the issue and will be notifying all impacted customers individually if their information was exposed.