
Food delivery service Grubhub reported that its customers, drivers and partners’ data was leaked through a compromise of a third-party service provider’s account. The incident may have compromised contact details, some payment information and hashed passwords.
The company said it detected unusual activity in its customer support system, which was associated with one of the third-party providers. Once the threat was detected, Grubhub immediately disabled access to the compromised account and terminated cooperation with that provider.
According to an official statement, the compromised data included:
At the same time, the company assures that full card numbers, bank accounts, social security numbers and other sensitive data were not stolen.
According to cybersecurity analysts, this incident demonstrates the vulnerability of companies that rely on third-party providers. Experts suggest that data leaks by third parties are becoming more common and that companies should pay more attention to managing the risks of integration with partners.
Grubhub has taken steps to strengthen its cybersecurity, including updating all passwords, increasing anomaly monitoring and appointing external cybersecurity experts. However, this incident once again highlights that protecting against third-party attacks is one of the main challenges of modern cybersecurity.