Data Breach Exposes Info on Drivers and Customers of ‘GrubHub’ Marketplace

Vlad CONSTANTINESCU

February 05, 2025


Online food delivery company GrubHub recently disclosed a data breach that exposed the sensitive data of its drivers and customers.

GrubHub discloses cyber attack

A security incident affecting GrubHub, a popular food delivery company, has exposed the sensitive information of its drivers and customers.

After detecting suspicious activity on its systems, the firm hired a team of forensic experts and started an investigation.

During the attack, threat actors compromised an account of a third-party support service provider and then used it to siphon sensitive data. After learning of the attack, GrubHub briefly locked out the perpetrators and deleted the compromised account.

The extent of the data breach

Threat actors exfiltrated a significant trove of sensitive data belonging to the company’s drivers and customers, such as:

  • Full names
  • Email addresses
  • Partial card information for some campus diners
  • Phone numbers
  • Hashed passwords from legacy systems

According to the data breach notification, perpetrators did not access data such as:

  • Merchant login details
  • GrubHub Marketplace customer passwords
  • Bank account details
  • Full payment card details
  • Social Security numbers
  • Driver’s license numbers

“The unauthorized party also accessed hashed passwords for certain legacy systems, and we proactively rotated any passwords that we believed might have been at risk,” reads a GrubHub security advisory. “While the threat actor did not access any passwords associated with Grubhub Marketplace accounts, as always, we encourage customers to use unique passwords to minimize risk.”

Company response and mitigation

GrubHub did not disclose the type of attack launched against its systems, and the identity of the perpetrators remains unknown, as threat actors have yet to claim responsibility for the incident.

While the company said no passwords associated with GrubHub Marketplace accounts were compromised, it recommends users set unique passwords for their accounts to mitigate risks.

Being prepared for data breaches

Unfortunately, data breaches are still common, affecting both companies and any connected parties, such as customers or partners, regardless of their vigilance or cybersecurity hygiene.

While many data breaches are not preventable, preparedness is crucial in mitigating any potential damage.

Dedicated services like Bitdefender Digital Identity Protection can help you stay prepared when disaster strikes by providing an extensive overview of your online data.

It constantly monitors the public web and the dark web for traces of your data, instantly notifies you if your online persona has been compromised in a breach, and lets you patch holes in your digital footprint by offering quick, one-click action items.

Author


Vlad CONSTANTINESCU

Vlad's love for technology and writing created rich soil for his interest in cybersecurity to sprout into a full-on passion. Before becoming a Security Analyst, he covered tech and security topics.
