In an effort to stay at home, have you used Instacart recently? Data belonging to Instacart customers recently surfaced on the dark web. Names, the last four digits of credit card numbers, addresses and other personal details were sold to bad actors.

When Instacart investigated the matter, the company denied a security breach. “We take data protection and privacy very seriously,” the company said in a statement. Instacart suggested that phishing attacks may have led to individual consumer information theft.

Cyber security expert Mark Ostrowski notes that credential stuffing attacks -where hackers rely on past account breaches and passwords to hack into new accounts- could be responsible for the leaked consumer data.

In the wake of the Instacart debacle, cyber security experts recommend the following:

  1. Create strong passwords for Instacart.
  2. Stay up-to-date regarding Instacart themed phishing campaigns.
  3. Track and monitor your cyber footprint. Note where you’ve entered credit card info, and delete the info from unused sites/old accounts.

For more on this story, visit USA Today.