The hacking group ShinyHunters has hit a popular mail-order meal kit company, Home Chef. Home Chef’s customer records were leaked as a result of the breach, according to a notice posted on the company’s website stating that customer information including email addresses, names, phone numbers, encrypted passwords, and four digits of credit card numbers was exposed.
Other account information such as mailing address and frequency of deliveries may have been exposed in select cases. This data could potentially be used to craft a convincing phishing email and further harm the victims. Security researchers also warned that the passwords, although encrypted, could be used for an account takeover. At the same time, people who reuse the same passwords are at a higher risk, and security researchers have advised that Home Chef customers should change all reused passwords immediately.