Hackers Strike! Grubhub Users’ Data Leaked in Major Security Breach
CHICAGO, USA, 4th February 2025 – Grubhub reported a security breach of a third-party contractor that was able to gain unauthorized user contact access. Details of unusual activity were detected within Grubhub’s premises, thus an investigation was launched.
It was found that the breach originated from a vendor providing services to its Support Team. Access to the account was immediately disabled and the service provider was kicked out of Grubhub’s systems.
The unauthorized vendor extracted contact data related to campus diners and other related users who interacted with Grubhub’s customer care.
The data extracted varied among users and included names, phone numbers, and emails. Some campus diners also had their card type and last four digits of the payment card number exposed.
Moreover, extracted hashed legacy passwords were also accessible to the unauthorized party. In anticipation of threats, Grubhub reset any potentially compromised passwords. However, the company did confirm that passwords related to Grubhub Marketplace accounts were not compromised. They strongly suggest that their users opt for account specific passwords to heighten security.
The investigation was able to confirm sensitive personal details such as Social Security numbers, driver’s license numbers, bank account information, and full payment card numbers were not gained access to.
In an attempt to solve the issue and improve security measures, Grubhub decided to involve a separate cybersecurity company to conduct a deep investigation. The company also rotated all relevant passwords to block any possible unauthorized entry, as well as added extra anomaly detection methods within the internal services.
Grubhub continues to be focused on maintaining the trust of the customers, merchants, and drivers. The company has implemented system measures to further secure its systems and is in the process of strengthening security features to ward off similar attacks in the future.
This case demonstrates the need for strong cybersecurity defenses, especially when there are third party service providers involved. The response from Grubhub also shows its commitment toward the security of the platform.
Read Latest Stories:
How OpenAI & SoftBank’s $3 Billion AI Partnership Will Transform Businesses
Airline Shake-Up! Lufthansa Secures 41% of ITA Airways in a Bold Takeover
Japan’s AI Dilemma: Will DeepSeek Reduce Energy Use or Make It Worse?
