ShellCodeX
Tools • Events • News • Insights
ShellCodeX Breach Report

Home Chef Data Breach

homechef.com
Significant exposure
Verified breach Passwords exposed
Accounts exposed 8,815,692
Breach date 10 Feb 2020
Added to tracker 13 Nov 2020
Data classes 7

What happened

In early 2020, the food delivery service Home Chef suffered a data breach which was subsequently sold online. The breach exposed the personal information of almost 9 million customers including names, IP addresses, post codes, the last 4 digits of credit card numbers and passwords stored as bcrypt hashes. The data was provided to HIBP by dehashed.com.

Exposed data

Email addresses Geographic locations IP addresses Names Partial credit card data Passwords Phone numbers

Recommended actions

  • Change your Home Chef password immediately, and update it anywhere you reused the same password.
  • Enable two-factor authentication on the affected account and on your critical services (email, banking).
  • Watch for targeted phishing emails referencing Home Chef — attackers weaponise breach data quickly.
  • Monitor your bank and card statements closely and consider requesting a card replacement.
  • Stay alert for smishing (SMS phishing) and SIM-swap attempts using your phone number.
Am I affected? Check whether your email address appears in this breach.
Check on HIBP