Protecting the Platform: An Update from Instacart

Our top priority is to ensure the safety and security of the entire Instacart community. As part of this commitment, we have dedicated teams perform routine audits and investigations to ensure the integrity of the platform across shopper and customer accounts. In the event that any issues arise, we’re committed to quickly identifying incidents, isolating the cause and taking swift, proactive action to best protect the Instacart platform.

Isolated Incident Related to a Third-Party Support Vendor

As part of our ongoing review of support protocols, we’ve determined that two employees retained by a third-party support vendor we work with may have reviewed more shopper profiles than was necessary in their roles as support agents. Upon discovering this inconsistency, we immediately retained a leading forensic analysis firm to promptly investigate the matter.

The results of our joint investigation confirmed that these two individuals viewed a limited set of shopper information that may have included name, email address, telephone number, driver’s license number, and a thumbnail image of the driver’s license. Based on our forensics investigation, we’ve concluded that no shopper data was stored, downloaded or digitally copied in any way. Our investigation also determined that no customer information or profiles were accessed or impacted in any way by this incident.

Protecting Our Shopper Community

We have zero tolerance for anyone who abuses their role and that extends to our third-party vendors. As a result, we’ve taken several preventative measures to further protect shoppers and their information.

First, we immediately worked with our third-party support vendor to ensure that their two employees will never work on behalf of Instacart again. Second, we suspended work at this third-party support location and have since ceased local operations indefinitely.

Out of an abundance of caution, we’re proactively communicating about this isolated incident via mail and email to the 2,180 shoppers who came into contact with these two third-party support agents during their employment with our vendor. Our goal is to ensure each shopper has the related details and is aware of the preventative measures we’ve since taken to protect the shopper community.

While our investigation offered no indication that any shopper had their data stored, downloaded or digitally copied in any way, as an additional preventative measure, we’re offering two years of free credit monitoring and protection to all 2,180 shoppers whose information may have been viewed by these two individuals.

New Measures to Further Protect the Shopper Platform

Our goal is to be as supportive as possible in answering shopper questions or reviewing specific account issues as they arise. We’ll soon be introducing a new dedicated shopper support process for use by any shopper who believes they have been impacted by this incident or for anyone who has a security related question regarding their own account.

We already support two-factor authentication for all shopper logins and we’re adding this protection to even more aspects of the Shopper app. This will require shoppers to further verify their identity when changing any information on their account, but we believe it’s an extra step worth taking to help keep shopper information secure. These additional features will be rolled out in the coming months and shoppers will be notified when they’re able to access them.

Finally, we’re proud of the robust measures already in place for shoppers, and as part of our ongoing commitment to security, we recently introduced several authentication measures to verify shoppers using the platform including:

• Shopper ID verification: We periodically prompt shoppers to take a photo of themselves to ensure that the person shopping matches the photo we have of them on file.
• Secure login: We introduced more protective features into our Shopper app login functionality, including reCAPTCHA to verify that only active shoppers are able to log into accounts.
• Automatic logouts: Shoppers may be periodically logged out of their Shopper app and asked to log back in, to verify their password and identity.
• Banned device switching: Shoppers are no longer able to switch between different devices in the middle of a batch — the device that accepts a batch has to be the one to complete it, so individuals cannot accept a batch elsewhere and then log into a different device to complete the shop.

Maintaining the integrity of our platform is a top priority and we’re committed to ensuring the safety and security of our marketplace for all members of the Instacart community.