The personal data of more than five million Glovo orders are for sale. This is what happens after a hard hack

  • 12

The Glovo hack continues to cause problems. It has been more than a year since his database was hacked, but now the consequences have come to light again. The user named ‘k4fk4’ has put up for sale on the Dark Web a huge file with the personal data of Glovo clients, workers and riders.

In total, as described by the user himself, this database includes the data of 5,790,564 customer orders, 21,379 data employees and 37,509 messengers. A set of data that includes, according to the images shown, information as sensitive as full names, NIF, dates of birth, telephone numbers, postal and email addresses and even bank details (IBAN).

Personal data yes, credit cards no

The leak does not come from a new attack, but rather derives from the hacking suffered last year. An attack for which Glovo explains that “immediate measures were taken, blocking unauthorized access.”

Despite the fact that there is sensitive data, from Glovo they explain that “although he was able to access the IBAN numbers for a short period of time, did not access any customer card data since Glovo does not save or store such information and all passwords are encrypted.

‘k4fk4’ has put this database up for sale on Breach Forums, the successor to Raid Forums, which was shut down by the FBI. As he describes it, it is an “exclusive database” that he is only going to “sell it once”. Once placed on the Dark Web, the price that can be reached by this database is uncertain, since it enters the auction.

In addition to Glovo itself, Also included are 3,854 McDonald’s incident report records. The two companies maintain an exclusivity agreement for home deliveries, so this information was also found in the Glovo database that was hacked.

Glovo Data

From Glovo they remember that “we take data security very seriously”. Additionally, they explain that “the investigation of this case ended in 2021 and, then, a complete audit was carried out of the integrity of our systems. We also contacted the Spanish Data Protection Agency (AEPD), the main Data Protection Authority in this case, and provided them with all the information necessary for their investigation, which also concluded in 2021.”

However, as a result of the reappearance of this data, from Glovo they assure that they are “taking additional measures to eliminate them”.

In Xataka | How to know if your passwords have been leaked on the Internet

The Glovo hack continues to cause problems. It has been more than a year since his database was hacked, but…

The Glovo hack continues to cause problems. It has been more than a year since his database was hacked, but…

Leave a Reply

Your email address will not be published.