Ransomware victim disclosure
← All victimsInstacart
Claimed by Shinyhunters · listed 9 months ago
Status timeline
- ListedOct 3, 2025
- Data leakeddate unknown
At a glance
- Group
- Shinyhunters
- Status
- Data leaked
- Country
- United States
- Sector
- Consumer Services
- Listed on leak site
- Oct 3, 2025
About the victim
AI dossier — public-source company profileInstacart is an American technology company headquartered in San Francisco, California, that operates a same-day grocery delivery and pick-up marketplace serving customers across the United States and Canada. Customers place orders via Instacart's mobile app or website from participating retail grocery partners, and independent personal shoppers fulfill and deliver those orders. The company is one of the largest grocery delivery platforms in North America.
- Industry
- On-Demand Grocery Delivery & Pick-Up
- Address
- 50 Beale Street, Suite 600, San Francisco, CA 94105, United States
- Employees
- 10001+
- Founded
- 2012
Attack summary
Severity: medium — Data is claimed as published by ShinyHunters, a known data-exfiltration group with a history of large-scale consumer PII breaches; however, the post contains no verifiable proof, no data inventory, and the description is AI-generated boilerplate, preventing confirmation of scope or sensitivity.ShinyHunters claims to have obtained data from Instacart, with the disclosure status marked as data_published; however, the leak post content appears AI-generated and provides no specific details about what was exfiltrated, encrypted, or the volume and nature of the stolen data.
Original description
AI-summarised, not from the leak postInstacart is an American company that operates as a same-day grocery delivery and pick-up service in the U.S. and Canada. Customers shop for groceries through their mobile app or website from participating stores. The purchased items are delivered to customers' doorsteps by a personal shopper.
Sources
Source
Indexed 9 months agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

