Security Affairs
Pegasus Used Against MEP Investigating Pegasus, Citizen Lab Finds|JADEPUFFER: First End-to-End AI-Driven Ransomware Operation|The Anatomy of a Shadow AI Supply-Chain Breach: Lessons from the 2026 Vercel Incident|Law enforcememt operation disrupted Malicious Residential Proxy Networks NetNut|Government and Healthcare Are the Weakest Links in Global Email Security|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|Pegasus Used Against MEP Investigating Pegasus, Citizen Lab Finds|JADEPUFFER: First End-to-End AI-Driven Ransomware Operation|The Anatomy of a Shadow AI Supply-Chain Breach: Lessons from the 2026 Vercel Incident|Law enforcememt operation disrupted Malicious Residential Proxy Networks NetNut|Government and Healthcare Are the Weakest Links in Global Email Security|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Online food ordering and delivery platform GrubHub discloses a data breach

Online food ordering and delivery platform GrubHub suffered a data breach that exposed the personal information of drivers and customers. This week the online food ordering and delivery firm GrubHub disclosed a data breach that exposed customer and driver information.  Recently, the company detected an anomalous activity within its infrastructure, then it launched an investigation […]

Xsolis

Online food ordering and delivery platform GrubHub suffered a data breach that exposed the personal information of drivers and customers.

This week the online food ordering and delivery firm GrubHub disclosed a data breach that exposed customer and driver information. 

Recently, the company detected an anomalous activity within its infrastructure, then it launched an investigation into the attack with the help of leading forensic experts.

The investigation revealed that attackers had compromised an account associated with a third-party provider of support services. Then GrubHub locked out the attackers and removed the hacked account.

“We recently detected unusual activity within our environment traced to a third-party service provider for our Support Team. Upon discovery, we promptly launched an investigation, identifying unauthorized access to an account associated with this provider.” reads a notice of data breach published by the company on its website. “We immediately terminated the account’s access and removed the service provider from our systems altogether.”

Compromised data include names, emails, phone numbers, partial card info for some campus diners, and hashed passwords from legacy systems. The company reset affected passwords.

The unauthorized party also accessed hashed passwords for certain legacy systems, and we proactively rotated any passwords that we believed might have been at risk. While the threat actor did not access any passwords associated with Grubhub Marketplace accounts, as always, we encourage customers to use unique passwords to minimize risk.

The food ordering and delivery firm confirmed that attackers did not access any passwords associated with Grubhub Marketplace accounts, however, they recommend customers to use unique passwords to minimize risk.

The data breach did not expose passwords, merchant logins, full card numbers, bank details, or Social Security numbers.

GrubHub has not disclosed whether it was targeted by a ransomware attack, and as of this writing, no known ransomware group has claimed responsibility.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, data breach)