EatStreet food ordering service discloses security breach


EatStreet, an online and mobile food ordering service, today disclosed a security breach that took place last month, during which a hacker stole the company’s database, complete with customer and partner details.

ZDNet has learned that the hacker responsible for this breach is Gnosticplayers, who previously breached many other online services, including big names such as Canva, 500px, Under Armour, ShareThis, Gfycat, Ge.tt, Evite, and others.

This reporter learned of the EatStreet breach in conversations with the hacker during the process of verifying the Canva hack allegations last month.

At the time, the hacker only boasted about breaching EatStreet but did not provide any evidence of the hack.

Breach disclosed this week

However, in a series of data breach notification letters the company sent to end customers, delivery services, and restaurant partners, the company admitted to getting hacked.

Per EatStreet, the hacker breached its computer network on May 3 and proceeded to access and download information from its database, until May 17, when the company said it detected the intrusion and promptly terminated the hacker’s access.

The hacker stole information on customers who used the EatStreet online or mobile service to order food from local restaurants to their homes.

The hacker also got hold of information EatStreet had on restaurants participating in its service, along with info on the third-party delivery services that the company had partnered with to deliver the food from restaurants to customers’ homes.

Accessed information included names, phone numbers, email addresses, bank accounts, and routing numbers for restaurants and delivery services.

For customers who ordered food through the EatStreet app and website, information the hacker might have accessed or stolen included names, credit card numbers, expiration dates, card verification codes, billing addresses, email addresses, and phone numbers.

Breach tally unknown

The company did not say how many users were impacted by this security incident, but the company’s website claims “EatStreet serves over 250 cities, connecting customers to more than 15,000 restaurants.” On the Google Play Store, the EatStreet app is listed as having over 100,000 downloads.

“We have […] notified our credit card payment processor of the incident so that the card brands are also notified and are aware of the incident,” EatStreet said.

“In addition, we have enhanced the security of our systems, including reinforcing multi-factor authentication, rotating credential keys and reviewing and updating coding practices,” it added.

Gnosticplayers did not respond to additional requests for comment about this incident. Over the past few months, this hacker has stolen and put up for sale 1,071 billion user credentials from 45 companies.
