Foodora, a Delivery Hero brand, leaked data from 750,000 customers in 14 different countries

A data breach can occur in any company. Delivery Hero, an online food delivery service, revealed that it suffered a safety incident that affected users of its Foodora brand. This data breach would have involved more than 720,000 users from 14 different countries.

The company confirmed that, among the compromised data, are the full names of users, addresses, phone numbers and encrypted passwords, among other data.

Even though the company emphasized that its users’ financial information was not compromised, users’ location data could be exposed with great accuracy. The compromised information was found on May 19, exposed in hacking forums, mentioned researchers from the Gov Infosecurity website. The user who posted this information (whose identity remains unknown) claims that the incident occurred in 2019.

In this regard, a Delivery Hero spokesperson acknowledged the incident and said that the exposed information was not updated: “Unfortunately, we can confirm that we have identified a data breach involving personal information dating back to 2016; the data presented comes from the various countries in which Foodora operates.”

A security analysis inferred that the data exposed belongs to users in countries such as:

  • Germany
  • Australia
  • Austria
  • Canada
  • Spain
  • France
  • Holland
  • Italy, among others

Troy Hunt, a computer security specialist and founder of the cybersecurity platform Have I Been Pwned, mentioned that more than 600,000 unique email addresses were found in this leak. Hunt claims that Information from Foodora users in Australia had not been updated since 2015.

Delivery Hero was founded in 2011 in Berlin, Germany, and operates in more than 40 countries in Asia, Europe, Latin America and the Middle East. The firm has more than 22,000 employees and has agreements with more than 500,000 food establishments around the world. According to its website, Delivery Hero and its associated brands deliver nearly 3 million orders a day.

The company’s spokesman concluded by mentioning that there is not clear how this data breach happened, although the incident is already being investigated by the company’s security teams, in conjunction with external security firms. The relevant authorities have also been informed about this.