Tech & Startup

Grubhub data breach exposes user, driver, and merchant information

Grubhub delivery driver
The company detected the breach after identifying unusual activity linked to an account used by a third-party service provider for its customer support team. Image: Elvert Barnes/Flicker.

Grubhub, the food delivery company, has confirmed a security breach that compromised user, driver, and merchant data, including hashed passwords and partial credit card details. 

The company detected the breach after identifying unusual activity linked to an account used by a third-party service provider for its customer support team. In response, the company has terminated the account's access and removed the service provider from its systems, according to a recent blog post by Grubhub.

The breach exposed personal information from customers, drivers, and merchants who interacted with Grubhub's customer service system, as well as students using its campus dining service. Accessed data included names, email addresses, and phone numbers, alongside partial credit card details such as the card type and last four digits. Hashed passwords from certain legacy systems were also affected.

Grubhub has not disclosed the timeline of the breach or the number of accounts impacted. However, the company said, "We proactively rotated any passwords that we believed might have been at risk." It also confirmed that full payment card details and bank account information were not accessed.

The security incident comes as Grubhub is in the process of being sold by its parent company, Just Eat, to food hall startup Wonder for $650 million. The sale, announced in November 2024, is expected to be completed in the first quarter of 2025.

Comments

Grubhub data breach exposes user, driver, and merchant information

Grubhub delivery driver
The company detected the breach after identifying unusual activity linked to an account used by a third-party service provider for its customer support team. Image: Elvert Barnes/Flicker.

Grubhub, the food delivery company, has confirmed a security breach that compromised user, driver, and merchant data, including hashed passwords and partial credit card details. 

The company detected the breach after identifying unusual activity linked to an account used by a third-party service provider for its customer support team. In response, the company has terminated the account's access and removed the service provider from its systems, according to a recent blog post by Grubhub.

The breach exposed personal information from customers, drivers, and merchants who interacted with Grubhub's customer service system, as well as students using its campus dining service. Accessed data included names, email addresses, and phone numbers, alongside partial credit card details such as the card type and last four digits. Hashed passwords from certain legacy systems were also affected.

Grubhub has not disclosed the timeline of the breach or the number of accounts impacted. However, the company said, "We proactively rotated any passwords that we believed might have been at risk." It also confirmed that full payment card details and bank account information were not accessed.

The security incident comes as Grubhub is in the process of being sold by its parent company, Just Eat, to food hall startup Wonder for $650 million. The sale, announced in November 2024, is expected to be completed in the first quarter of 2025.

Comments

দ্রুত ন্যূনতম ঐকমত্য, তার ভিত্তিতে অতিদ্রুত নির্বাচনের প্রত্যাশা বিএনপির

বিএনপি মহাসচিব মির্জা ফখরুল ইসলাম আলমগীর বলেছেন, ‘আমরা আশা করব, খুব দ্রুত এই সংস্কারের ন্যূনতম ঐক্যমত্য তৈরি হবে। সেটার ওপর ভিত্তি করে অতিদ্রুত জাতীয় নির্বাচন অনুষ্ঠিত হবে।’

১ ঘণ্টা আগে