BreachExchange mailing list archives
Food Delivery Service Chowbus Experiences Data Breach
From: Destry Winant <destry () riskbasedsecurity com>
Date: Wed, 7 Oct 2020 09:28:44 -0500
https://www.infosecurity-magazine.com/news/delivery-service-chowbus-breach/ Chicago-based Asian food delivery service Chowbus has suffered a data breach with more than 800,000 customer records and 444,000 unique email address exposed. According to the Chicago Tribune, reports from customers on Twitter said they began receiving emails yesterday labeled “Chowbus data” that contained links where they could download company databases containing contact information for restaurants and customers. A Reddit thread said the files are in .cvs format, and contain 4,300 critical business/personal information entries in the restaurant file, while the “users” file has 803,350 files. Both contain names and contact information. While Chowbus has not confirmed how many customers were affected or how the breach happened, company founder and CEO Linxin Wen sent an email to customers confirming it learned about the data breach on Monday morning, and said credit card information and account passwords were not stolen. A statement posted on the Reddit thread, said: “Thank you for bringing this to our attention. As soon as we became aware of this incident, our security team quickly took steps to secure our systems, including our customers’ account information. The link from the email is already disabled. Your credit card information does not exist in our systems. Any credit card information and transaction is processed by Stripe, a secure 3rd party payment processor. We are confident your credit card information is safe.” Paul Edon, senior director, technical sales and services (EMEA) at Tripwire, said this type of attack is unusual and appears to have been aimed at undermining the reputation of Chowbus. “Based on the way in which data was released, there is a high probability that this was the work of a disgruntled employee or ex-employee,” he said “Anyone with a Chowbus account should immediately change their account password and if possible, implement two-factor authentication.” _______________________________________________ BreachExchange mailing list sponsored by Risk Based Security BreachExchange () lists riskbasedsecurity com If you wish to Edit your membership or Unsubscribe you can do so at the following link: https://lists.riskbasedsecurity.com/listinfo/breachexchange
Current thread:
- Food Delivery Service Chowbus Experiences Data Breach Destry Winant (Oct 07)