Weee!, a U.S. online grocery delivery startup that specializes in Asian and Hispanic foods, says it was hacked and that a year’s worth of customer data was stolen.
In a brief statement published this week, the company said that cybercriminals stole the name, address, email address, phone number, order number and order comments — such as where to drop off or leave orders — of customers who placed orders between July 12, 2021 and July 12, 2022.
The statement said that the company does not retain customer payment information and as such was unaffected.
It’s not clear who was behind the breach, but a person on a known cybercrime forum claims to be offering information on 11.3 million orders and 1.1 million customer accounts stolen from Weee! earlier in February. Troy Hunt, who runs breach notification site Have I Been Pwned, obtained a copy of the 1.1 million customer email addresses, allowing affected individuals to check if their information was compromised.
The seller also says that the type of device used by customers to place orders, such as iPhone or Android, was taken in the breach.
As of February 2022, Weee! was valued at $4.1 billion following a monster $425 million Series E raise, and has more than 1,500 employees.
A Weee! spokesperson did not immediately respond to a request for comment and questions about the breach.