A group of hackers accessed confidential data and login credentials related to tens of millions of Spanish delivery app Glovo’s customers, drivers and employees, cybersecurity firm Yarix said it had discovered.
On Tuesday it said it had evidence attackers are attempting to sell the archive on the dark web – part of the Internet unreachable by conventional web browsers – with about 160 gigabytes of names, phone numbers, passwords and data related to customers payment systems for sale for about US$85,000 (RM350,880).
“While the unauthorised third party was able to access IBAN and Tax ID numbers for a short period of time, we can confirm no credit/debit card data was accessed,” a Glovo spokesman said.
Bloomberg hasn’t been able to verify the authenticity of the information alleged to be up for sale, or over what time period it dates back to. Forbes reported on May 4 that Glovo data had been breached. It’s unknown if the data associated with that breach, which Glovo confirmed to Forbes, is connected to that discovered by Yarix.
Mirko Gatto, Yarix’s chief executive officer, said his company were able to obtain extracts from the stolen database that included payment details and Glovo access credentials.
“It’s strongly recommended for Glovo users to change their password and to keep an eye on their credit cards, to verify that there are no abnormal charges,” Gatto said. – Bloomberg