Drizly, an online alcohol delivery service, recently notified customers of a data breach in which a hacker accessed customer information. This breach reportedly affected up to 2.5 million accounts, exposing email addresses, dates of birth, and bcrypt-hashed passwords. In some cases, delivery addresses were also exposed, though this affected less than 2% of the records. The stolen data included user phone numbers, IP addresses, and geolocation data tied to billing addresses.
Drizly clarified that no financial information was compromised; however, a dark web listing claims otherwise, stating it has “freshly hacked” Drizly accounts for sale, including credit card numbers and order histories. This listing first appeared in February 2020, though the exact breach date remains unknown. Drizly advised all affected customers to update their passwords.