Sensitive data breached of the Food Delivery app Foodora affecting over 7,27,000 customers across 14 countries
Foodora is an online food delivery brand originally based in Berlin, Germany which offers meals from over 9,000 selected restaurants in several countries worldwide. Using the Foodora app, website, or the corporate platform, customers can browse local restaurants, place an order, and track it as it’s prepared and delivered by a bike courier or delivery driver.
Researchers found that the food delivery company faced a data breach that affected over 7,27,000 user data across 14 countries in Europe. Including France, Finland, Austria, Spain, and Italy. Foodora parent company Delivery Hero stated that unknown members posted the leaked customers’ data on various hacking forums.
The data that was breached includes usernames, phone numbers, addresses, full names, locations, and hashed passwords of Foodora customers. The data was dumped in a series of SQL files for each country, labeled as “CustomerAddress” and “Customers.” The affected customers are getting suspicious emails from unknown third parties, the company said.
Unfortunately, we can confirm that a data breach has been identified concerning personal data dating back to 2016. The data originates from some countries across our current and previous markets. We started a thorough internal investigation and have informed all relevant authorities. We are working closely with our security and data protection teams, as well as local authorities, to identify what caused the breach and inform the affected parties.
said Delivery Hero in a statement
Surprisingly the creator of Have I Been Pwned tweeted, “Foodora had 583k unique customers exposed in 2016. Data included names, delivery addresses, phone numbers, and passwords stored as either salted MD5 or bcrypt. 73% were already in @haveibeenpwned.”
New breach: Foodora had 583k unique customers exposed in 2016. Data included names, delivery addresses, phone numbers and passwords stored as either salted MD5 or bcrypt. 73% were already in @haveibeenpwned. Read more: https://t.co/cdE2yq6E7B
— Have I Been Pwned (@haveibeenpwned) June 16, 2020
However, the company is yet to release an official statement of the data breach and affected customers list, stay tuned at Android Rookies for further updates on the matter. For more news on tech and cybersecurity subscribe to our newsletter from here