A recent security breach at Drizly, the alcohol delivery startup founded in Boston in 2012, has compromised user information including email address, date of birth, hashed passwords and some delivery addresses, according to an email sent to users by Drizly customer service on Tuesday.
In response to questions from BostInno, a Drizly spokeswoman said up to 2.5 million accounts were affected. Of those, less than 2 percent included delivery addresses, she said, or at most 50,000 accounts.
Drizly emphasized that no financial information was compromised, and the passwords that were exposed were encrypted, a.k.a. not disclosed in plain text, using the hashing algorithm BCrypt. The company has reached out to the affected users and advised customers to reset their passwords.
Whitman said that Drizly first identified the breach on July 13. At that time, the company began an investigation with a cybersecurity firm and implemented additional security measures.
Drizly has also been in contact with and is cooperating with federal law enforcement, given that the company is "the target of a cybercrime," the spokeswoman said.
The investigation is ongoing.