Another day, another breach. The victim now appears to be the food ordering and delivery service EatStreet. In breach notices sent to the service partners, customers, and delivery services, EatStreet disclosed a data breach incident that targeted the service in May.
EatStreet Disclosed Data Breach
Reportedly, the food delivery service EatStreet disclosed data breach to its customers and affiliates. The service suffered a security breach in May 2019, that possibly exposed personal details of affected individuals.
The incident allegedly happened on May 3, 2019, following unauthorized access to their database. EatStreet detected the issue a few days later on May 17, 2019. As stated in their notice,
The unauthorized third party was able to acquire information that was in our database on May 3, 2019.
The security incident directly affected EatStreet’s customers, restaurant partners, and delivery services. Consequently, the information breached during the incident also varies with the category. With regards to the breached information of the diners (customers), the notice stated:
The information that the unauthorized third party may have accessed included the payment card information for a limited number of diners. Unfortunately, we believe this incident may have included your name, credit card number(s) ending in<<ClientDef1(XXXX)>>, expiration date, card verification code, billing address, email address, and phone number.
Whereas, for the delivery services and partnering restaurants, the breached details include restaurant name and address, or the delivery service name, concerned person’s name, email address, phone number, and bank account and routing number.
However, EatStreet did not specify the number of customers, or the affiliated services affected by this incident.
After noticing the breach, the service employed all the necessary steps to contain the attack. They involved an IT forensic firm for investigations that still continue, and improved their systems’ security.
We have enhanced the security of our systems, including reinforcing multi-factor authentication, rotating credential keys and reviewing and updating coding practices.
GnosticPlayers In Action Again
The notice shared by EatStreet does not mention any technical details associated with the breach. Nonetheless, according to ZDNet, the incident links back to GnosticPlayers – the same hacker behind the Canva breach.
According to the details shared by the hackers with ZDNet, the breach at EatStreet impacts around six million users. As stated by ZDNet,
The hacker claimed he was in the possession of over six million user records he took from the company’s servers.
Take your time comment on this article.