Online food delivery platform FreshMenu suffered a security breach in 2016 that exposed the personal data of over 110,355 users. A report from Have I Been Pwned (HIBP), the data breach research platform built by security expert Troy Hunt, claims the company was aware of the breach but decided not to go public.
The breached details are said to include names, email addresses, phone numbers, home addresses and order histories. At the moment, there’s no telling whether a data breach exposed consumers’ credit card data and payment information.
“When advised of the incident, FreshMenu acknowledged being already aware of the breach but stated they had decided not to notify impacted customers,” stated Have I Been Pwned (HIBP). The breach is said to have taken place on July 1, 2016, but the information was added to the HIBP database on September 10. In a tweet, the Have I Been Pwned site said that 75 per cent of the leaked addresses were already part of its database. Meanwhile, one of the app’s users says that his e-mail address was part of the breach.
New breach: FreshMenu had 110k customer records exposed in 2016 including names, phone numbers, order histories, physical & email address. FreshMenu was aware of the incident & elected not to disclose it to customers. 75% were already in @haveibeenpwned https://t.co/LGaAnj1hUA
— Have I Been Pwned (@haveibeenpwned) September 10, 2018
Disgusting, @FreshMenuIndia. I’m one of the people affected by this breach. You’ve leaked my purchase history, and you don’t think you owe me a notice? So glad I’ve quit buying from FreshMenu. https://t.co/ejpPZkZ9EE
— Kiran Jonnalagadda (@jackerhack) September 10, 2018
A look back at recent years reveals that this isn’t the first time that hackers have targeted online food ordering apps. Last year, India’s largest online restaurant guide app, Zomato, suffered a security breach in which over 17 million user records were stolen from the company’s database. The online food aggregator reassured users that no payment information or credit card details were stolen.