Home Chef Data Breach
Home Chef Meal Kit Delivery Breach (2020): 8.7 Million Customer Records Including Partial Credit Card & Passwords Exposed
Meal kit delivery service.
Risk Interpretation
Exposure enables phishing, order fraud, delivery impersonation, and household targeting. Subscription and dietary data may also reveal health or lifestyle patterns.
Impact & Downstream Threats
In May 2020 ShinyHunters breached Home Chef systems and exfiltrated data for approximately 8 million customer accounts. The stolen dataset included email addresses, names, phone numbers, geographic locations, IP addresses, partial credit card data, and hashed passwords. ShinyHunters subsequently offered the data for sale on dark web markets. Home Chef notified customers and prompted password resets. No major class-action settlement or regulatory enforcement action specific to this breach has bee
- Credential stuffing against reused passwords across other platforms
- Financial fraud using exposed financial profile data
- SIM swap attacks where phone numbers are present
- Targeted phishing campaigns using exposed email addresses
- Doxxing risk from physical address exposure
Threat Vectors
Breach Intelligence
Executive Summary
Home Chef, the Chicago-based meal kit delivery service owned by Kroger, suffered a data breach in May 2020 when the hacking group ShinyHunters infiltrated its systems through a misconfiguration and exfiltrated records on approximately 8.7 million customers. ShinyHunters subsequently listed the stolen data for sale on dark web marketplaces. The breach occurred while Home Chef was operating under Kroger's ownership, following its 2018 acquisition. The exposed data included customer names, email addresses, phone numbers, geographic locations, IP addresses, the last four digits of credit card numbers, and passwords stored as bcrypt hashes. While bcrypt hashing provides some protection against immediate password cracking, the combination of personal and partial financial data creates meaningful risk. Affected individuals could face phishing attempts, order fraud, and delivery impersonation. Subscription and dietary preference data, if included, may also reveal personal health or lifestyle patterns. Home Chef notified affected customers and prompted password resets following discovery of the breach. No major class-action settlement or regulatory enforcement action specific to this incident has been publicly documented. Affected customers should remain alert to phishing emails that reference their Home Chef account, monitor for any unauthorized charges, and change their password on any other service where they used the same credentials.
About Home Chef
Home Chef is a meal kit delivery service offering pre-portioned ingredients and recipes for home cooking, serving primarily the U.S. market. Founded in 2013 and headquartered in Chicago, the company was acquired by Kroger in 2018 for approximately $200 million as part of Kroger's push into meal kit and prepared foods. Home Chef competes with HelloFresh, Blue Apron, and other subscription meal kit services.
Why They Hold Your Data
Meal-kit platforms collect customer identity, addresses, payment-adjacent data, subscription records, dietary preferences, and order history across recurring food-delivery operations.
Recent Developments
Home Chef has continued operating within the Kroger family of businesses. Kroger has integrated Home Chef's meal kits into its retail store footprint through in-store pickup and branded sections, supplementing the direct-to-consumer subscription model. The meal kit category has faced sustained margin pressure. No major standalone Home Chef organizational changes have been prominently reported beyond the Kroger operational context.
Data Points Exposed
Exposure Categories
Canonical Fields
credit_card:partial, email_address, full_name, geographic_locations, ip_address, password, phone_number
Dark Web Verification
- Dataset containing ~8.7M records identified in breach intelligence sources
- Data indexed and searchable across breach notification platforms
- Source: home-chef-2020;Home Chef Data Breach
Recommended Actions
⚠️ Do not assume this is low sensitivity.
Protect Yourself
Check If You’re Affected
Enter your email to check if your data appears in this breach.
Get Free Breach Alerts
Be the first to know when new breaches are disclosed.
High-Risk? Get an Exposure Audit
Full-spectrum exposure audits for executives and public figures.
ObscureIQ Advisory
We combine proprietary dark web access with commercial and restricted breach intelligence to verify exposure and assess real-world risk.
- A public-facing individual
- A high-profile executive
- A customer of Home Chef
- Or concerned about credential reuse
Powered by the ObscureIQ Breach Intelligence Database
© 2026 ObscureIQ · All Rights Reserved · Data Licensing
Latest from ObscureIQ
What Is Credit Monitoring? And Do I Want It? (Answer: Not Really)
Lock Down Browsers. Wipe Employee Footprints. Win Breach Wars.
Sextortion Spam