Berlin-based Delivery Hero has become the latest multinational company to confirm a massive data breach. On Monday, June 15, Gov Info Security first reported that the European company confirmed a data leak affecting its online food delivery brand Foodara.
“Unfortunately, we can confirm that a data breach has been identified concerning personal data dating back to 2016,” a spokesperson from Delivery Hero said. “The data originates from some countries across our current and previous markets.”
According to the report, the data leak involved account details of 727,000 Foodara customers across 14 different countries. Among the information exposed included the names, addresses, phone numbers, and hashed passwords of affected users.
While no financial data has been leaked, information on customers’ geolocation, which the article described to be “accurate to within a couple of inches,” has been exposed.
Data stolen from the breach was found on a popular hacker forum on May 19, in which the host claimed that Foodora was compromised last year.
Basing on the data found online, Gov Info Security said impacted Foodora users were mostly from United Arab Emirates, Singapore, Germany, Spain, France, Liechtenstein, Italy, Austria, Hong Kong, the Netherlands, Canada, Sweden, Norway, and Australia, with the oldest file dating from Aug. 25, 2015, and the latest one on April 22, 2016.
While Delivery Hero failed to provide a specific number of the impacted accounts, data breach expert and Have I Been Pwned website creator Troy Hunt said that the breach contained more than 600,000 unique email addresses.
Founded in 2011, Delivery Hero works as a multinational online delivery company. The firm now operates in over 40 countries, with presence across Asia, Europe, Latin America, and the Middle East. It also houses around 22,000 employees, with over 500,000 partner restaurants worldwide.
Info Security Magazine said the company delivers more than 3 million food orders per day.
To date, Delivery Hero said it’s on the process of investigating the incident. Relevant authorities have also been informed about the breach.
“We are working closely with our security and data protection teams, as well as local authorities, to identify what caused the breach and inform the affected parties,” the company added.
According to Hunt, different people have already notified him of the Foodora breach over the last few weeks.
“It’s amazing in this day and age to have data circulating between so many people and the organization not be aware of it,” he commented.