Ransomware victim disclosure
← All victimsInstacart
Claimed by Hunters International · listed 9 months ago
Status timeline
- ListedOct 3, 2025
- Data leakeddate unknown
At a glance
- Status
- Data leaked
- Country
- United States
- Sector
- Consumer Services
- Listed on leak site
- Oct 3, 2025
About the victim
AI dossier — public-source company profileInstacart (Maplebear Inc.) is an American technology company headquartered in San Francisco, California, that operates a same-day grocery delivery and pick-up platform serving customers across the United States and Canada. Customers order groceries via the Instacart mobile app or website from a network of partnered retail stores, with orders fulfilled by independent personal shoppers. The company is publicly traded on the Nasdaq and works with thousands of retail partners.
- Industry
- On-Demand Grocery Delivery & Pick-Up Services
- Address
- 50 Beale Street, Suite 600, San Francisco, CA 94105, United States
- Employees
- 3000-10000
- Founded
- 2012
Attack summary
Severity: medium — The status is marked as data_published, indicating exfiltration has been claimed and data released, but the leak post contains no specifics on data types, volume, or sensitivity, and the post text appears AI-generated with no verifiable proof details provided, preventing a higher severity classification.Hunters International claims to have compromised Instacart and has published data associated with the attack; the disclosed status indicates data has been published, though the leak post provides no explicit detail on whether encryption occurred or the specific volume and nature of exfiltrated data.
Original description
AI-summarised, not from the leak postInstacart is an American company that operates as a same-day grocery delivery and pick-up service in the U.S. and Canada. Customers shop for groceries through their mobile app or website from participating stores. The purchased items are delivered to customers' doorsteps by a personal shopper.
Source
Indexed 9 months agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

