GrubHub data breach exposes over 70M lines of user data

February 5, 2025

A newly discovered GrubHub data breach could have significant implications for numerous users after a threat actor exposed a massive dataset containing various user information.

One of our iZOOlogic researchers observed that a threat actor dubbed Octagon has allegedly compromised the personal information of millions of GrubHub users and exposed it on a hacking forum.

Moreover, the database being sold was linked to an undisclosed US-based delivery company, and the compromised data was revealed to belong to GrubHub. Our researchers initially detected the breach while monitoring BreachForums, a notorious online marketplace for stolen data.

An unidentified actor had listed a database for sale, which was later confirmed to belong to the earlier-mentioned company. The seller claimed to have obtained sensitive information, such as user details, merchant data, and driver records.

The GrubHub data breach resulted from the compromise of an account owned by one of its third-party service providers.

The GrubHub data breach was allegedly caused by an intrusion into the account of a third-party provider of support services. This security lapse allowed the attackers to access critical user data, which was then extracted and put up for sale.

Our researchers also identified that the purported breach resulted in the exposure of over 70 million lines of user information. The leaked dataset reportedly includes email addresses, phone numbers, password hashes, and possibly more user-related data, including data on merchants and drivers.

Furthermore, the threat actor listed the database for sale on BreachForums with a public asking price of $100,000. Unlike typical ransomware attacks, this breach does not appear to involve direct negotiations with the compromised company.

Instead, the threat actors appear to be accepting the highest bids from potential buyers.

Grubhub is a US-based online food-ordering and delivery marketplace linked to at least 375,000 merchants and 200,000 delivery partners in more than 4,000 cities nationwide. These details show that the attack could have major implications for numerous customers across the United States.

The company has yet to address or verify the legitimacy of the threat actor’s claims. Still, potentially affected individuals should stay on the lookout for threats, as the exposed information could lead to other malicious activities.
