Online alcohol delivery startup Drizly has told customers that it was hit by a data breach.
In an email to customers obtained by TechCrunch, the company said that a hacker “obtained” some customer data. The hacker took customer email addresses, date-of-birth, hashed passwords, and in some cases delivery address, the email read.
Drizly did not say when the hack occurred or how many accounts were affected, but did advise users to change their passwords. We reached out to the company for comment but didn’t immediately hear back.
The company said that no financial data was taken in the breach. But a listing on a dark web marketplace from a well-known seller of stolen data claims otherwise.
The listing, which we are not linking to, claims to have “fresh hacked” [sic] Drizly accounts. The seller did not say when the breach took place, but the listing appears to have been posted on February 13. The listing also did not say how many accounts were for sale. Although no sample of data was offered, the listing claims to have valid Drizly credit cad numbers and users’ order history.
The data is for sale for $14, the listing says. TechCrunch has questions in to the seller.
Drizly has become one of the biggest online alcohol delivery services in the U.S. and Canada, raising over $68 million to date, rivaling Minibar and Delivery.com.
Send tips securely over Signal and WhatsApp to +1 646-755-8849, or email: firstname.lastname@example.org