Grubhub, a popular food delivery app, recently fell victim to a hacker who managed to access user data including names, email addresses, and phone numbers. The breach, which was reported on Monday, affected users of Grubhub’s services, but the exact number of customers impacted was not disclosed by the company.
The hacker targeted various groups of users, including those enrolled in Grubhub’s “campus diners” program, which caters to college students. Additionally, contact information for diners, merchants, and drivers who interacted with Grubhub’s customer care service was compromised in the breach.
Although sensitive information such as full payment card details was not stolen, the hacker did manage to view the last four digits of payment cards for some campus diners. Furthermore, the breach exposed passwords for older internal Grubhub systems, potentially paving the way for a broader attack on the app’s databases. However, Grubhub reassured users that the accessed passwords were stored in a hashed format, making it difficult for the hacker to decipher them. In response, the company proactively changed any passwords that were deemed at risk.
Despite the hacker’s unauthorized access to certain data, Grubhub emphasized that no passwords associated with Grubhub Marketplace accounts were compromised. Nevertheless, the company urged all customers to use unique passwords to minimize any potential risks to their accounts.
The security breach was facilitated through a third-party contractor that provided support services to Grubhub. Following the incident, Grubhub promptly removed the contractor from its systems and engaged forensic experts to investigate the breach. The food delivery service expressed confidence that the breach had been contained and assured users that steps were being taken to prevent similar incidents in the future.
With over 33 million customers, Grubhub is a major player in the food delivery industry. Last month, the app underwent a change in ownership when it was acquired by Wonder Group from Just Eat Takeaway.com.
The breach serves as a reminder of the ongoing threats posed by cybercriminals and the importance of robust security measures to safeguard user data. Grubhub’s swift response to the incident demonstrates the company’s commitment to addressing security breaches and protecting the privacy of its customers. As online platforms continue to face evolving cybersecurity challenges, maintaining a vigilant approach to data security remains crucial to safeguarding user information.