+

Cookies on the Business Insider India website

Business Insider India has updated its Privacy and Cookie policy. We use cookies to ensure that we give you the better experience on our website. If you continue without changing your settings, we\'ll assume that you are happy to receive all cookies on the Business Insider India website. However, you can change your cookie setting at any time by clicking on our Cookie Policy at any time. You can also see our Privacy Policy.

Close
HomeQuizzoneWhatsappShare Flash Reads
 

Customers of food delivery app Chowbus had their home addresses leaked. The breach appears to have affected hundreds of thousands of users.

Oct 6, 2020, 18:31 IST
Business Insider
Oscar Wong, Getty Images
  • Food delivery app Chowbus emailed customer names, full addresses, and phone numbers to other users on Monday.
  • Screenshots of an email posted to Reddit suggest the breach may have impacted hundreds of thousands of customers.
  • The company, which delivers from Asian restaurants and stores in the US, Canada, and Australia, didn't comment on how the breach occurred, but said data was "illegally accessed."
  • Credit card information and passwords were safe, it added.
Advertisement

Asian food delivery service Chowbus emailed customer data, including home addresses and phone numbers, to some of its users after a breach on Monday.

An email address registered with the company sent a link to files containing details of about 4,300 restaurants as well as information about hundreds of thousands of customers, screenshots posted to Reddit suggest. The files, sent Monday, appeared to include names, postal addresses, phone numbers, and more than 400,000 email addresses, according to data breach watchdog Have I Been Pwned.

At least some of the data related to test accounts, the Reddit screenshots suggest.

"Pretty sure it had everyone's stuff," one Reddit user posted. "The CSV file was like 69MB large and I had no problem finding my own stuff."

It is not clear how many customers received the email, which had the subject line "Chowbus Data."

Advertisement

Chowbus confirmed the breach in an email to customers sent Monday. Some user data "had been illegally accessed and made available online," it said. The company didn't comment on how the breach occurred, or how many customers were affected.

Customers' credit card information was safe because transactions are processed by a third-party company, Stripe, Chowbus said on Twitter. The files didn't contain customers' passwords, it said.

"We are confident your credit card information is safe," it said.

"As soon as we became aware of this incident, our security team quickly took steps to secure our systems, including our customers' account information," Chowbus said on Twitter, adding that the company had disabled links from the original email.

The hack only affected US users, Chowbus told Australian publication The RiotACT. But the site reported that Australian users were also included in the hack. The delivery service only launched operations in the country on September 30.

Advertisement

Business Insider has contacted Chowbus for comment.

You are subscribed to notifications!
Looks like you've blocked notifications!
Next Article