From PC Mag: Grubhub has suffered yet another data breach and is facing an extortion demand from the hackers, Bleeping Computer reports.
In February 2025, data from the food delivery platform was stolen as part of a large-scale Salesforce security breach. That attack was carried out by a group called ShinyHunters, and sources tell Bleeping Computer that the same group is behind the latest leak involving Grubhub’s Zendesk data.
Grubhub uses Zendesk to run its online chat for customer complaints and account issues, and credentials stolen in a recent attack on Salesforce's Drift app helped ShinyHunters breach the system, the report adds.
The food delivery service has yet to reveal the total number of users affected or the types of data stolen in the recent attack. It has, however, confirmed that it is working with a third-party cybersecurity firm to strengthen its systems and has reported the incident to law enforcement.
“We're aware of unauthorized individuals who recently downloaded data from certain Grubhub systems,” a company spokesperson tells Bleeping Computer. "We quickly investigated, stopped the activity, and are taking steps to further increase our security posture. Sensitive information, such as financial information or order history, was not affected.”
View: Full Article
