image
Mail-order meal kits have become even more popular as the coronavirus pandemic has kept people home and cooking on a regular basis. Unfortunately, the popular Kroger’s Home Chef service recently served up a side of data breach along with its perfectly measured ingredients. According to a notice posted on the Home Chef website, the company “recently learned of a data security incident impacting select customer information.” That info includes email addresses, names, phone numbers, encrypted passwords and the last four digits of credit-card numbers. Perhaps most importantly for any fraudsters planning to use the information, “other account information such as frequency of deliveries and mailing address may also have been compromised,” Home Chef said – data that a cybercriminal could use to cook up a convincing phishing email. The “encrypted passwords” are no guarantee against account takeover, security researchers warned. “While the customer passwords in the leaked database were encrypted, there are tools that cybercriminals can leverage to decrypt them and potentially gain access to a number of accounts across multiple services that their victims use,” said Anurag Kahol, CTO at Bitglass, via email, adding that 65 percent of people use the same password for multiple or all of their accounts. “All consumers, not just users impacted by this incident, should improve their password hygiene by diversifying their login credentials across different accounts in order to mitigate the…

Source