On Tuesday, online alcohol delivery service Drizly confirmed it had experienced a data breach. In an email sent to customers, the company said it discovered suspicious activity from an “unauthorized party.”
Customers’ personal information that may have been compromised includes email addresses, dates of birth, hashed passwords, and in some instances delivery addresses, according to the email.
“The passwords in question were hashed, or cryptographically protected, meaning the credentials were not disclosed in plain text,” the email stated. While this should mean that the information can not be used to gain access to customers’ accounts, Drizly has encouraged users to change their passwords “out of an abundance of caution.”
The company’s statement also notes that no financial information, meaning debit or credit cards, was taken in the breach. But online technology publication TechCrunch has since reported a listing on a dark web marketplace suggesting otherwise.
In the listing, the seller claims to have “fresh hacked” accounts containing valid credit card numbers. The post, listed on February 13, does not state the number of accounts being offered, and no sample set of data was shown. The information is listed for $14, according to TechCrunch.
At the time of publishing, Drizly has not responded to these additional claims.