GrubHub had 70 million lines of data from almost 17 million accounts touted to have been compromised in an attack against the major U.S. online food delivery service in February, according to Cybernews.
Included in the stolen data trove were names, emails, and SHA1 cryptographic hash-encrypted passwords, noted the threat actors' post on a data leak site. While GrubHub has yet to confirm the veracity of the claims, such assertions have aligned with the firm's disclosure of a third-party breach, which resulted in the theft of contact details and partial payment information belonging to campus diners, diners, merchants, and drivers. Even though the exposed database suggests a less significant breach than initially though, such information could still be leveraged in collision attacks that enable account infiltration via fraudulent credentials, said Cybernews researchers. "The purpose of selling this data ranges from using this massive collection of emails and phone numbers to launch phishing campaigns, scams, and identity theft to using weakly hashed passwords for credential stuffing attacks on other services," said Cybernews researcher Neringa Macijauskait.
Included in the stolen data trove were names, emails, and SHA1 cryptographic hash-encrypted passwords, noted the threat actors' post on a data leak site. While GrubHub has yet to confirm the veracity of the claims, such assertions have aligned with the firm's disclosure of a third-party breach, which resulted in the theft of contact details and partial payment information belonging to campus diners, diners, merchants, and drivers. Even though the exposed database suggests a less significant breach than initially though, such information could still be leveraged in collision attacks that enable account infiltration via fraudulent credentials, said Cybernews researchers. "The purpose of selling this data ranges from using this massive collection of emails and phone numbers to launch phishing campaigns, scams, and identity theft to using weakly hashed passwords for credential stuffing attacks on other services," said Cybernews researcher Neringa Macijauskait.
