Grocery delivery service Weee! confirms hack involving customer data

One of the most popular grocery delivery services for Asian and Hispanic foods confirmed that it was hacked last week, with cybercriminals claiming to have stolen the information of more than one million users.

Weee! – which has fulfilled more than 27 million deliveries across the U.S. since 2017 – said the cyberattack occurred on February 6. Hackers stole information on all orders placed during a 365-day period starting July 12, 2021.

“The accessed information includes name, email address, phone number, order number, order amount and order comments. No payment data was exposed as we do not retain any customer payment information in our databases. We can also confirm that customer account passwords were not compromised,” Weee! spokesperson Judith Nelson told The Record. 

“We have informed our customers of the issue and will be notifying all impacted customers individually if their information was exposed. Security is a top priority for us and we are undertaking a thorough review to ensure we continue to deliver on the trust the Weee! community places in us.”

The company posted a similar message on a page inaccessible from their website. The Weee! app has been downloaded more than 2.6 million times.

On Monday, hackers posted on popular cybercriminal forum Breached that they had stolen a range of information from the company – including 11.3 million orders and more than 1.1 million unique email addresses. 

Grocery chains are a frequent target for hackers due to the troves of customer information they hold. Major supermarket chains across Trinidad, Brazil, South Africa, Eswatini, Namibia and Zambia have faced cyberattacks or ransomware incidents resulting in the theft of customer data. 

Last July, one of Sweden’s largest supermarket store chains, Coop, was forced to shut down nearly 800 stores across the country after one of its contractors was hit by ransomware in the aftermath of the wide-ranging Kaseya security incident.

More than 300 organizations in the retail industry said they were hit with ransomware attacks in 2021, according to a survey from security company Sophos.