Weee!, a US online grocery delivery start-up specializing in Asian and Hispanic food, says it was hacked and a year’s worth of customer data was stolen.
In a short statement published this week, the company said cybercriminals stole the name, address, email address, phone number, order number and order notes — such as where to drop off or leave orders — from customers who placed orders between July 12, 2021 and July 12, 2022.
The statement said the company does not retain any customer payment information and as such was unaffected.
It’s not clear who was behind the breach, but a person on a well-known cybercrime forum claims to provide information about 11.3 million orders and 1.1 million customer accounts stolen from Weee! earlier in February. Troy Hunt, who runs the breach reporting site Have I Been Pwned, obtained a copy of the 1.1 million customer email addresses so affected individuals can verify if their information has been compromised.
The seller also says the type of device customers use to place orders, such as an iPhone or Android, was captured in the breach.
From February 2022, Weee! was valued at $4.1 billion after a massive Series E raise of $425 million, and has more than 1,500 employees.
A contraction! spokesperson did not immediately respond to a request for comment and questions about the breach.
