Hackers compromised the Asian food delivery service Chowbus and stole customer information such as customer names, email addresses, phone numbers, and mailing addresses.
Chowbus founded in 2015, it is a mobile-based food delivery App that let customers order from local restaurants in cities around the USA, Australia, and Canada.
Chowbus Users Affected
Chowbus customers started receiving emails titled “Chowbus data,” which includes a download link “Download Chowbus data here.” The email includes a download link includes for both the user and restaurant database used by the food delivery service.
The CSV file for the restaurant includes 4,300 records and for file for users had 803,350 entries. Numerous customers received emails with the links to data exfiltrated from Chowbus.
One of the Reddit users stated that the company acted quickly to fix the security hole, as the link to the data was not working after the issue came to the public.
Chowbus confirmed that the data did not contain credit card information or Chowbus account passwords, and we are confident that this information is safe.
It is not clear how the attacker managed to gain access to the company’s servers or due to an insider.
Chowbus said that “We became aware of the situation at approximately 1:30 a.m. CDT on October 5 and are working diligently to address the matter. We take our responsibility for privacy and security seriously, and we are working to discover additional facts. We expect to provide additional information to our community in the coming days,
Chowbus customers can use the data breach notification website Have I Been Pwned, to check that their account has been compromised in the breach. HIBP has 444,224 accounts.