HQ/EMEAFind out how we can help your business
A food delivery company, Weee!, have reportedly been targeted by a cybercriminal group that exposed the data of over a million of its consumers across the US. The company caters to its customers, primarily within North America, which offers mostly Asian and Hispanic food items in all of its US branches.
Under the username ‘IntelBroker,’ the threat actor posted in an underground forum about its claims of obtaining Weee!’s database, which allegedly consisted of 11 million customers’ highly sensitive information.
However, a separate study of the incident revealed that it only affected 1.1 million Weee!’s customers and not 11 million, as claimed by the hacker.
The American food delivery company confirmed the threat actor’s claims of a data breach.
After security researchers learned about IntelBroker’s post on the dark web forum, the food delivery company had immediately been contacted. Subsequently, Weee!’s management confirmed to the researchers that the incident compromised customers’ delivery details and information.
According to the assessments, the threat actor had obtained the customers’ full names, email addresses, mobile numbers, device types, order details, and other food delivery-related information.
On the other hand, the food delivery company clarified that the customers’ payment data are not included in the exposure, as they do not retain financial data in their databases for safety precautions. Nevertheless, the company admits that the mentioned customer information above has been impacted, specifically those that have placed orders from July 12, 2021, to July 12, 2022.
These affected customers are notified respectively and will be provided assistance while the incident has yet been under control. Weee! also stated upgrading its security measure to ensure continued quality customer service and preserve customer trust.
Customers are also advised to visit the ‘Have I Been Pwned’ website which could check if their email address is included in the compromise.
While evidence of data misuse from threat actors has yet to be discovered, the customers of the food delivery company are advised to monitor their email inboxes for attack attempts using their stolen data. Reporting cyberattack attempts is also recommended to enforce the implementation of proper actions.
