The data breach was first reported by Tech Crunch, which obtained some of the data that was stolen. It included user phone numbers,
IP addresses and geolocation data associated with the user’s billing address.
Drizly did not say when the hack occurred or how many accounts were affected, but did advise users to change their passwords.
A spokesperson for Drizly told TechCrunch: “In terms of scale, up to 2.5 million accounts have been affected. Delivery address was included in under 2% of the records. And as mentioned in our email to affected consumers, no financial information was compromised.”
The company said that no financial data was taken in the breach. But a listing on a dark web marketplace from a well-known seller of stolen data claims otherwise, Tech Crunch said.