Details of 2.5 million clients who bought alcohol online were leaked

Drizly, an alcohol delivery start-up, has just notified its customers that it suffered a data breach that could have compromised your personal information.

Through an email sent to its customers and filtered to various media outlets, the company revealed that some of his personal records were obtained by a threat actor; among the data committed are

  • Email addresses
  • Dates of birth
  • Passwords encrypted with bcrypt
  • Delivery address, in some cases

It is mentioned that around 2.5 million users would have been affected.

The TechCrunch platform obtained a sample of the compromised data, including some accounts from Drizly’s internal staff. When verifying data with public records, it was concluded that some compromised user profiles also include phone numbers, IP addresses, location data, and more.

The company did not specify when the incident occurred or the exact number of accounts affected, although it advised all its users to reset their passwords to avoid subsequent attacks. In this regard, a spokesman for Drizly said: “About 2.5 million accounts were affected, including the homes of about 2% of affected users.” The spokesperson concluded by mentioning that users’ financial information was not compromised.   

Despite these statements, the dark web forum where the information was posted ensures otherwise.

Esta imagen tiene un atributo ALT vacío; su nombre de archivo es drizly01.jpg
SOURCE: TechCrunch

The ad mentions that Drizly’s hacked accounts are on sale for less than $15. Although sellers don’t mention when the data breach occurred, the ad appears to have been released last February. The seller does not provide a sample of the compromised information, although it states that this database includes valid payment card numbers.

Along with Minibar and, Drizly is one of the leading alcoholic beverage delivery services in the United States and Canada, raising more than 60 million since its launch.