Even though customers aren’t spending as much on their credit cards, fraudsters are still on the prowl. I wrote a few weeks back about how credit card fraud is rising even as customer spend tanks. Over the last couple of days, we saw a few initial reports that indicated that close to 280,000 Instacart customer accounts could have well been compromised. These reports indicated that the Instacart data breach revealed credit card details of customers.

Instacart Credit Card Data Breach

Pymnts.com initially reported that sellers were offering the data of over 278,531 Instacart customers on the dark web. Instacart denied that they had suffered any sort of data breach. However, security firm Security Fanatics rejected their claim. According to Security Fanatics, their investigation revealed that the customer data found on the dark web seemed legit.

Over the weekend, Instacart provided more details and put out a detailed statement about what transpired. Instacart said that hackers used usernames and passwords from other accounts in order to get access to customers’ Instacart accounts. You can read the full statement here.

Based on our team’s assessment, we believe that this is what is commonly referred to as credential stuffing — an activity that occurs across the web when a person uses the same login credentials across various websites and apps. If a user’s credentials are compromised on another website or app and their login information is shared across platforms, it makes it easier for third-party bad actors to access and utilize accounts connected to those compromised login credentials.

Instacart reiterated that they do not store full credit details of their customers. However, hackers have access to data that reveals the last four digits of customer credit card numbers. Also, hackers gained access to other customer details like first/last name, address and previous order details.

The Pundit’s Mantra

Post Covid-19, many customers have switched to online grocery. Banks have also been generously offering bonus points on credit card spend at grocery stores. I won’t be surprised if more bad actors target businesses similar to Instacart’s. Last year, someone hacked my GrubHub account to place an order using my Amex Gold Card. Thankfully, an Apple Pay notification saved the day.

If you use credit cards, loyalty programs or any other digital wallets, check your statements regularly for any unusual activity. As I saw in my case, setting the right notifications can go a long way in alerting you about possible fraudulent activity on your account.


This travel credit card is one of my favorite hotel credit cards. With this card, you’ll not only earn a free night each year when you renew the card, but If you pair it with this limited time offer, you’ll also earn 25% points back when you redeem your points until October 8, 2020.

You can earn a welcome bonus of 50,000 points when you apply for this card using the link below!

Apply Now


Never miss out on the deals, analysis, news and travel industry trends. Like us on Facebook, follow us on Instagram and Twitter  and get the latest content!


Disclosure: The Points Pundit receives NO compensation from credit card affiliate partnerships. Support the blog by applying for a card through my personal referral links. This article is meant for information purposes only and doesn’t constitute personal finance, health or investment advice. Please consult a licensed professional for advice pertaining to your situation.