Some GrubHub customers and drivers have had their personal informatoin snatched in a third-party breach. Candid.Technology reports:
GrubHub, one of the leading food delivery platforms in the United States, has disclosed a security breach linked to a third-party contractor, resulting in unauthorised access to user contact information. The breach resulted in unauthorised access to the contact information of various users, including campus diners, merchants, and drivers who had engaged with GrubHub’s customer support.
The compromised data included names, email addresses, phone numbers, partial payment card details (card type and last four digits) for some campus diners, and hashed passwords for specific legacy systems.
According to the company, the breach was discovered when unusual activity within its system was detected. A subsequent investigation traced the activity to a third-party service provider affiliated with GrubHub’s Support Team. The affected account was immediately terminated, and the service provider was completely removed from GrubHub’s systems to prevent further exposure.
Read more at Candid.Technology. GrubHub did not reveal how many people were affected by the incident nor whether there has been any ransom demand or threat of leaking data. The third-party vendor was not named.