Glovo has suffered a massive filtration of data which exposes the privacy of its distributors and customers, both consumers and restaurants, being McDonald’s one of the most affected. On July 30, a user of a well-known illicit ‘hacker’ portal published an advertisement to sell an important database extracted from the home delivery firm of Catalan origin. This has been advanced specialized twitter account in cyber attacks and sale of stolen information in the ‘deep web‘, information that EL PERIÓDICO has been able to contrast.
The database includes sensitive data up to 37,509′riders‘ who work for the company with the yellow backpacks, although they operate as self-employed and are not recognized as employees. These data include the full name of the dealers, as well as their ID, telephone numbers, emails, bank account numbers, addresses of their residence, types of contract and transport used to carry orders from one place to another. The delivery data that is detailed as exposed in this publication was already exposed in another leak last year.
The leaking of this personal data can carry serious risks not only for your privacy, as it can be later used by cyber criminals to attack victims, impersonate their identity and steal even more data.
#Spain ?? – #database of Glovo is on #Comes out
This dataset includes 5,790,563 costumers, 21,379 employees, 37,509 couriers and 3,854 mc donald incident report records.
Glovo is a Spanish quick-commerce start-up founded in Barcelona in 2015. #DarkWeb pic.twitter.com/x4PC4gQF34
— Daily Dark Web (@DailyDarkWeb) August 2, 2022
Six million customer data
According to the forum post, among the extracted data there is also information on almost six million orders of Glovo customers (5,790,563 specifically) that include the customer’s name, the order code as well as its status and delivery time.
The data package for sale on this illicit portal of ‘hackers‘ also includes up to 3,854 reports of incidents with the McDonald’s delivery system. The American fast-food giant is one of Glovo’s principals. That data includes the order identifier, affected products, the reason a complaint has been opened, and whether the customer has been offered both a refund and a product exchange.
The person or group of people who are offering this data has not put a price and has left an encrypted email address so that other users of the portal can negotiate the total cost. “Important! It is an exclusive database and I will only sell it once,” she said, suggesting that the price may be high.
Related news
Both the scope and the origin of this data leak are still unknown. In May 2021 the company, now owned by the German multinational Delivery Hero, was the victim of a computer attack who exposed data on his customers and delivery men, although he denied that credit card numbers had been stolen.
EL PERIÓDICO has contacted Glovo and is waiting for more details to be able to expand this information.