Grubhub, a popular food delivery app, recently fell victim to a hacker who managed to access user data. The breach, which was reported on Monday, involved the exposure of user names, email addresses, and phone numbers. While the exact number of affected customers was not disclosed, Grubhub did mention that the hacker obtained contact information for campus diners participating in a food delivery program for college students, as well as diners, merchants, and drivers who interacted with the customer care service.
One concerning aspect of the breach was that the hacker was able to view the last four digits of payment cards for some campus diners. However, Grubhub assured users that no full payment card information or user login data was compromised. Despite this, the hacker did manage to access passwords for older internal Grubhub systems, raising the possibility of a broader breach within the app’s databases. Fortunately, the passwords were stored in a hashed format, making it difficult for the hacker to decipher the login information. In response to the breach, Grubhub took proactive measures by rotating passwords that were deemed at risk.
In a statement, Grubhub emphasized the importance of using unique passwords to minimize the risk of unauthorized access. The company also revealed that the hacker gained entry by first compromising a third-party contractor that provided support services to Grubhub. As a precautionary measure, Grubhub has removed the third-party contractor from its systems and enlisted the help of forensic experts to investigate the breach.
“We are confident that the incident has been fully contained,” Grubhub reassured its users. With over 33 million customers, Grubhub remains a popular choice for online food delivery services. Just last month, the app was acquired by Wonder Group after being sold by Just Eat Takeaway.com.
The breach serves as a reminder of the ongoing cybersecurity threats faced by companies and their customers. It underscores the importance of robust security measures and prompt responses to such incidents. Grubhub’s swift actions in addressing the breach and securing user data reflect a commitment to maintaining user trust and safeguarding their information.
As online services continue to play a significant role in our daily lives, protecting personal data from cyber threats remains a top priority for both companies and consumers. By staying vigilant and following best practices for online security, users can reduce the risk of falling victim to hacking attempts and safeguard their personal information from malicious actors.