Tuesday, December 3, 2024
Homecyber securityFood Delivery Platform Hacked - More than 400K Customer Impacted

Food Delivery Platform Hacked – More than 400K Customer Impacted

Published on

SIEM as a Service

Hackers compromised the Asian food delivery service Chowbus and stole customer information such as customer names, email addresses, phone numbers, and mailing addresses.

Chowbus founded in 2015, it is a mobile-based food delivery App that let customers order from local restaurants in cities around the USA, Australia, and Canada.

Chowbus Users Affected

Chowbus customers started receiving emails titled “Chowbus data,” which includes a download link “Download Chowbus data here.” The email includes a download link includes for both the user and restaurant database used by the food delivery service.

- Advertisement - SIEM as a Service

The CSV file for the restaurant includes 4,300 records and for file for users had 803,350 entries. Numerous customers received emails with the links to data exfiltrated from Chowbus.

One of the Reddit users stated that the company acted quickly to fix the security hole, as the link to the data was not working after the issue came to the public.

Chowbus confirmed that the data did not contain credit card information or Chowbus account passwords, and we are confident that this information is safe.

It is not clear how the attacker managed to gain access to the company’s servers or due to an insider.

Chowbus said that “We became aware of the situation at approximately 1:30 a.m. CDT on October 5 and are working diligently to address the matter. We take our responsibility for privacy and security seriously, and we are working to discover additional facts. We expect to provide additional information to our community in the coming days,

Chowbus customers can use the data breach notification website Have I Been Pwned, to check that their account has been compromised in the breach. HIBP has 444,224 accounts.

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity and hacking news updates.

Also Read

Cognizant Confirms Data Breach After Ransomware Attack

ZEE5 Hacked – Hackers Stolen Over 150GB of Live Data from Video on Demand Platform

Gurubaran
Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Latest articles

PEFT-As-An-Attack, Jailbreaking Language Models For Malicious Prompts

Federated Parameter-Efficient Fine-Tuning (FedPEFT) is a technique that combines parameter-efficient fine-tuning (PEFT) with federated...

Hackers Cloning Websites, Exploiting RCE Flaws To Gain Access To Shopping Platforms

Cybercriminals are leveraging AI-powered phishing attacks, website cloning tools, and RCE exploits to target...

Hackers Exploited Windows Event Logs Tool log Manipulation, And Data Exfiltration

wevtutil.exe, a Windows Event Log management tool, can be abused for LOLBAS attacks. By...

Threat Actors Allegedly Claims Breach of EazyDiner Reservation Platform

Reports have emerged of a potential data breach involving EazyDiner, a leading restaurant reservation...

API Security Webinar

72 Hours to Audit-Ready API Security

APIs present a unique challenge in this landscape, as risk assessment and mitigation are often hindered by incomplete API inventories and insufficient documentation.

Join Vivek Gopalan, VP of Products at Indusface, in this insightful webinar as he unveils a practical framework for discovering, assessing, and addressing open API vulnerabilities within just 72 hours.

Discussion points

API Discovery: Techniques to identify and map your public APIs comprehensively.
Vulnerability Scanning: Best practices for API vulnerability analysis and penetration testing.
Clean Reporting: Steps to generate a clean, audit-ready vulnerability report within 72 hours.

More like this

PEFT-As-An-Attack, Jailbreaking Language Models For Malicious Prompts

Federated Parameter-Efficient Fine-Tuning (FedPEFT) is a technique that combines parameter-efficient fine-tuning (PEFT) with federated...

Hackers Cloning Websites, Exploiting RCE Flaws To Gain Access To Shopping Platforms

Cybercriminals are leveraging AI-powered phishing attacks, website cloning tools, and RCE exploits to target...

Hackers Exploited Windows Event Logs Tool log Manipulation, And Data Exfiltration

wevtutil.exe, a Windows Event Log management tool, can be abused for LOLBAS attacks. By...