Weee! grocery store

The Weee! Asian and Hispanic food delivery service suffered a data breach exposing the personal information of 1.1 million customers.

Weee! claims to be the largest Asian and Hispanic grocery store in North America, delivering food across 48 states in the USA via warehouses spread throughout the country.

On Monday, a threat actor named ‘IntelBroker’ began leaking the data for Weee! on the Breached hacking and data breach forum.

According to the forum post, “In February 2023, a database of 11 million customers belonging to the Sayweee was stolen by hackers.”

Forum post leaking the data for Weee!
Forum post leaking the data for Weee!
Source: BleepingComputer

The leaked database contains Weee! customers’ first and last names, email addresses, phone numbers, device type (iOS/PC/Android), order notes, and other data the delivery platform uses.

After contacting Weee! about the breach, the company confirmed to BleepingComputer that customer information was stolen in the data breach.

“We recently became aware of a data breach that has affected some customer information,” reads the complete statement from Weee!.

“We can confirm that no customer payment data was exposed as Weee!, does not retain any customer payment information in our databases. For customers that placed an order between July 12, 2021 and July 12, 2022, information such as name, address, email addresses, phone number, order number and order comments may have been impacted.”

“We have notified all customers of the issue and will be notifiying all impacted customers individually if their information was exposed.”

“Security is a top priority for us and we are undertaking a thorough review to ensure we continue to deliver on the trust the Weee! Community places in us.”

However, Weee! stresses that payment information was not exposed as they do not retain that data in their database.

While the threat actor stated the leak contains 11 million customers, Troy Hunt of the Have I Been Pwned data breach notification service told BleepingComputer that the leaked data only includes 1.1 million unique email addresses.

The additional records are likely caused by the same customer placing multiple orders.

To check if your information was exposed in this breach, you can search for your email address on Have I Been Pwned later today after the data is added.

Once the data is added to Have I Been Pwned, existing members of the notification service will automatically be notified of the data breach via email.

Source: www.bleepingcomputer.com