Asian food delivery service Chowbus, owned by Fantuan Group Inc., has suffered a data breach with hundreds of thousands of customer records stolen.
Exactly how the data breach took place is not known. The stolen data included customer names, email addresses and phone numbers. Credit card data was not accessed.
Although the company has confirmed that “some of our user data has been illegally accessed” and that it’s addressing the issue, the twist in the story is how customers initially found out about the data breach.
Customers affected by the data breach started to receive emails early Monday labeled “Chowbus data” that contained links to where they could download the stolen company data, the Chicago Tribune reported today. One thread on Reddit details the email and the data sent via the link, with various users chiming in to state that they had also received the same email. The database contained more than 800,000 customer records and 444,000 unique email addresses.
New breach: Yesterday, Chowbus customers were sent a link to a CSV file with over 800k customer records. Data included names, physical addresses, phone numbers and 444k unique email addresses. 58% were already in @haveibeenpwned. Read more: https://t.co/03pwssKC80
— Have I Been Pwned (@haveibeenpwned) October 6, 2020
Based in Chicago, Chowbus provides food delivery services in the U.S., Canada and Australia. The data included customer information from Australia as well as North America, with Riot Act reporting that information of customers from Canberra was found in the database.
“We are so used to ransomware attacks or other incidents committed for political or financial gain that a data breach at Chowbus is very unusual,” Ilia Sotnikov, vice president of product management at data security firm Netwrix Corp., told SiliconANGLE. “This scenario hasn’t been common before and can be a result of criminal mischief or a desire to harm a company’s reputation.”
By undermining trust in a company’s ability to protect customer data, hackers may encourage victims to turn to competitors, Sotnikov added. “Although there is no information on the root cause of this incident, we may assume that such an attack could have been initiated by an insider, such as a disgruntled employee,” he said.
Stephen Gates, security evangelist and senior solutions specialist at software security company Checkmarx Ltd., noted that such breaches highlight the need for better application security.
“If the breach wasn’t due to a malicious insider, then the likelihood the hack took place via the Chowbus website, or even more probable, their mobile app, is very high,” Gates said. “Organizations must do a better job of finding and remediating software vulnerabilities before their apps go online, not after a breach takes place.”