The cybersecurity incident has exposed the account details of hundreds of thousands of customers in 14 different countries.
Delivery Hero told Infosecurity Magazine that the exposed data consists of “unique email addresses as well as certain customer details: encrypted password hashes, name, first name, delivery address, and phone number.”
The company confirmed that no financial data, clear-text passwords or geolocation data was exposed.
Data breached in the incident was found online on May 19, posted in a forum where stolen data is wont to show up, according to the Gov Infosecurity website. Whoever posted the data on the forum claims that Foodora was compromised in 2019.
A spokesperson for Delivery Hero said: “Unfortunately, we can confirm that a data breach has been identified concerning personal data dating back to 2016,” said a Delivery Hero spokesperson.
“The data originates from some countries across our current and previous markets.”
The compromised data appears to belong to Foodora users in Australia, Austria, Canada, France, Germany, Hong Kong, Italy, the Netherlands, Norway, Singapore, Spain, and the United Arab Emirates.
Data breach expert and Have I Been Pwned website creator Troy Hunt said that over 600,000 unique email addresses were among the leaked data. According to Hunt’s research, the oldest Australian files exposed in the incident date back to August 2015.
“Our security teams validated that the exposed database contained approximately 480,000 email addresses,” a Delivery Hero spokesperson told Infosecurity Magazine.
“Some explanation for the real number being lower, is due to duplicates, email addresses used for staging and testing accounts, invalid emails addresses (as we did not use any verification of email addresses back then), email addresses of domains owned by DH.”
Delivery Hero was founded in 2011 by Niklas Östberg. The business is based in Berlin, Germany, and operates in over 40 countries internationally in Asia, Europe, Latin America, and the Middle East.
The company, which has around 22,000 employees, partners with more than 500,000 restaurants globally to deliver over 3 million food orders per day.
Delivery Hero is not yet sure how the breach occurred but is taking steps to find out.
A spokesperson said the company has “started a thorough internal investigation” and is “working closely with our security and data protection teams, as well as local authorities, to identify what caused the breach and inform the affected parties.”
The spokesperson added that the “relevant authorities” have been informed of the data breach.
News Source: https://www.infosecurity-magazine.com/