Delivery Hero Brand Foodora Faces Data Breach
Delivery Hero confirms data breach of its Foodora brand, affecting customers more than 14 countries.
Berlin-based online food delivery service, Delivery Hero, confirms hackers stole from their servers during a Foodora brand’s breach.
The data-breach affected customers of 14 countries, that contained personal details of over 727,000 accounts. Unfortunately, the data includes names, addresses, phone numbers and hashed passwords so on. Along with that, the information also includes the geo-location. Precisely, the latitude and longitude coordinated upto six decimal points was also included in the data-breach. Such information can provide the customer’s accurate location within just a few inches.
However, the company said that no financial data was leaked during the breach.
The breach came to light, when the hacked data was posted on a popular forum on 19 May and several other forums.
“Unfortunately, we can confirm that a data breach has been identified concerning personal data dating back to 2016,” says Delivery Hero.
“The data originates from some countries across our current and previous markets.”
Delivery Hero, also says “started a thorough internal investigation and has informed all relevant authorities. We are working closely with our security and data protection teams, as well as local authorities, to identify what caused the breach and inform the affected parties.”
However, the company did not confirm how many accounts were compromised. As they mention that they are still accessing the situation. They did not confirm when they will be able to inform the affected parties.
Delivery Hero Brand Foodora Faces Data Breach Affected 14 countries
Foodora was compromised last year, as per the person posting the data of the leak on the forum.
After some investigation, experts believe that users from Singapore, Germany, Spain, France, Italy, Hong Kong, Canada, Norway, Australia, Sweden, UAE, Liechtenstein, Austria, and the Netherlands were affected due to data breach.
In Singapore, Foodpanda was a subsidiary of Delivery Hero.
The data exposed is listed as a separate SQL file each country. The files has labels as “CustomerAddress” and “Customers.”
Tory Hunt, a data breach expert, said in a statement that the breach has information of 79,000 users from Australia.
Among which, the oldest file belonging to Australia was from 25th August 2015 and the latest one was from 22nd April 2016. Also, there are around 600,000 unique email IDs in the data file.
Adding to his statement, he said most of the passwords were hash with “bcrypt” with a work factor of 11. The higher the work factor, the more hard is to crack.
Hunt said that such encryption is better than MD5, but it takes longer to generate encrypted data. So, many organizations are moving away from MD5 to ensure security. The data-breach also includes notes within the orders.
The location-based information in the data can reveal many users’ personal details, which can lead to stalking and spamming.
Difficult recovery path for Delivery Hero
The breach is not going to be easy for Delivery Hero to sort out. As they shut down Foodora in some of the affected countries more than two years ago.
In May, they stopped operations in Canada as well as in Australia, Netherlands, and France in 2018. Additionally, they sold German operations to a Dutch company. In Europe, they were bound by the General Data Protection Regulation and that may lead to fines up to 4% of an organization’s annual global revenue or €22 million, whichever is greater.
Protect your computer with HitmanPro Now
Although, it is very important to enable 2FA on your accounts, and use strong passwords. But to keep the passwords secure you should use a reputable Password Manager tool like Dashlane(Review).
To secure Your Online accounts download DashLane Password Manager Now.