Grubhub has confirmed data infringement to disclose users and merchants information after the attacker gained access through a third -party service provider. The company did not clarify how many people were affected, but acknowledged that personal details were damaged.
“Our survey found that the invasion occurred in an account that belongs to a third -party service provider that provided a support service to Grubhub,” said the company on Monday.
The violation will be added to the recent increase in cyber attacks, including one of the US Treasury, which has gained access to delicate government documents.
what happened?
Grubhub has tracked a violation of an account linked to a third -party contractor that provides support services. When the problem was detected, the company canceled the access and cut the relationship with the provider.
“We recently detected abnormal activities in an environment that followed a third -party service provider of a support team. When found, we identified unauthorized access to the account associated with this provider and investigated. GRUHUB has immediately discontinued the access of the account from the system.
Which data was released?
The attacker got his name, email address, and phone number. Some campus diners were exposed to the details of the payment card, especially the card type and the last four digits.
Old internal systems were also infringed and have been able to have a password. Grubhub has rotated the password that could have been dangerous and reassured users that the password of the marketplace account was not affected.
How did Grubhub react?
Following the violation, Grubhub brought a forensic expert to investigate the case and added additional security measures to detect suspicious activities. The company says this situation is currently controlled.
In this review, there is no evidence that the attacker has accessed finances or very confidential personal data, such as seller login qualification information, full payment card details, bank account, social security number, or driver’s license information. did.
However, the violation has published a name, email address, and phone number. Some campus diners leaked the details of partial payment cards, such as the type of card and the last four digits. Grubhub has advised users to use unique passwords as a general security scale.
“Authentged individuals have accessed campus diner contact information and dinners, merchants, and driver contact information, which interacted with customer care services,” said Grubhub.
GRUBHUB’s recent trouble
Based in Jason Finger, Mattmalony, Mike Evans, and Chicago Grubhub is an online and mobile food order and delivery market that focuses on connecting diners and local restaurants.
Grubhub provides services to more than 33 million customers and cooperates with 375,000 merchants and 200,000 delivery drivers in 4,000 cities. This violation occurs a few months after the company solved the FTC lawsuit for $ 25 million than the misunderstanding price setting and the deceptive practice.
In addition to the turbulent year, Grubhub was recently sold to Won Der Group on Mega-Deal for $ 7 billion at Just Eat TakeWay.com.
Source link
