The U.S.-based online food ordering and delivery platform UberEATS is the latest victim of a data breach. Security researchers from cybersecurity firm Cyble came across unknown hackers leaking personal records of UberEATS customers and employees on darknet forums.
“During our research process, the Cyble Research Team got hold of some informative details related to this leak,” Cyble said in a release.
What Information Was Exposed
- 9 TXT files leaked, which contained details of UberEATS delivery drivers, delivery partners, and customers.
- Around 579 UberEATS customers’ files and login credentials were exposed on the dark web.
- Leak of over 100 delivery drivers’ personal data including, full name, contact details, trip details, bank card details, and account creation date.
Exposed Data on Dark Web
How to Mitigate Data Breach Risks
Data breaches can pose serious security issues to individuals and organizations when the stolen data falls in the wrong hands. Cyble recommended certain security tips to protect personal data against attackers:
- Never share personal information, including financial information over the phone, email, or SMS.
- Use strong passwords and enforce multi-factor authentication or two-factor authentication (2FA) where possible.
- Regularly monitor your financial transaction, if you notice any suspicious transaction, contact your bank immediately.
- Turn-on automatic software update feature on your computer, mobile and other connected devices where possible and pragmatic.
- Use a reputed anti-virus and internet security software package on your connected devices including PC, laptop, mobile.
Attacks on Food Delivery Platforms
Multiple security incidents have been reported on food delivery services as cybercriminals are taking advantage of the ongoing pandemic to target businesses and users online. In a recent incident, threat actors launched a distributed denial-of-service (DDoS) attack on Germany-based food delivery firm Takeaway.com (Liefrando.de). Attackers demanded two Bitcoins (around US$11,000) in ransom to stop the attack. Earlier, DoorDash, a San Francisco-based food-delivery service provider, faced a massive data breach that affected data of around 4.9 million people (its customers, delivery workers, and merchants), who were using its service platform. The company said that an unauthorized third-party accessed its user data on May 4, 2019. DoorDash clarified that users who joined its services platform on or before April 5, 2018, were affected in the incident.
