Glovo has suffered a massive leak of datathat exposes the privacy < /strong>of its distributors and customers, both consumers and restaurants, being McDonald's one of the most affected. A user of a well-known illicit 'hacker' portal published On July 30, an announcement was made to sell an important database extracted from the home delivery firm of Catalan origin. so It has been advanced by a Twitter account specializing in cyberattacks and the sale of stolen information on the 'deep web', information that EL PERIÓDICO has been able to verify .
The database includes sensitive data of up to 37,509 'riders' who work for the company with the yellow backpacks, although they operate as self-employed and are not recognized as employees. These data include the full name of the distributors, as well such as their DNI, telephone numbers, emails, bank account numbers, residence addresses, types of contract and transport used to carry orders from one place to another. The delivery data detailed as exposed in this publication was already exposed in another leak last year.
Leakage of this personal data can lead to serious risks not only for your privacy, as it can later be used by cybercriminals to attack victims, impersonate their identity and steal even more data. s data.
#Spain 🇪🇸 – #Database of Glovo is on #Sale
This dataset includes 5,790,563 costumer, 21,379 employee, 37,509 Couriers and 3,854 mc donald incident report records.
Glovo is a Spanish quick-commerce start-up founded in Barcelona in 2015. #DarkWeb pic.twitter.com/x4PC4gQF34
— Daily Dark Web (@DailyDarkWeb) August 2, 2022
Six million pieces of customer data
According to the forum post, among the data n there is information on almost six million ordersof Glovo clients (5,790,563 specifically) that include the name of the client, the code of the order as well as the name of the client. such as its status and delivery time.
The data package for sale in this illicit portal of 'hackers' also includes up to 3,854 reports of incidents with the McDonald's delivery system. The American fast food giant is one of Glovo's principals. That data includes the order identifier, products affected, the reason a complaint has been opened, and whether the customer has been offered either a refund or a product exchange.
The person or group Of people who are offering this data have not put a price and have left an encrypted email address so that other users of the portal can negotiate the total cost. “Important! It is an exclusive database and I will only sell it once,” he said, which suggests that the price may be high.
Both the scope and the origin of This data leak is still unknown. In May 2021, the company, now owned by the German multinational Delivery Hero, was the victim of a computer attack that exposed data on its customers and couriers, although it denied any damages. that credit card numbers had been stolen.
EL PERIÓDICO has contacted Glovo and is waiting for more details to expand on this information.