UPDATED 22:58 EDT / OCTOBER 06 2020

SECURITY

Customer records stolen in data breach of Asian food delivery service Chowbus

Asian food delivery service Chowbus, owned by Fantuan Group Inc., has suffered a data breach with hundreds of thousands of customer records stolen.

Exactly how the data breach took place is not known. The stolen data included customer names, email addresses, phone numbers and email addresses. Credit card data was not accessed.

Although the company has confirmed that “some of our user data has been illegally accessed” and that it’s addressing the issue, where the story takes a twist is how customers initially found out about the data breach.

Customers affected by the data breach started to receive emails early Monday labeled “Chowbus data” that contained links to where they could download the stolen company data, the Chicago Tribune reported today. One thread on Reddit details the email and the data sent via the link, with various users chiming in to state that they had also received the same email. The database contained more than 800,000 customer records and 444,000 unique email addresses.

Based in Chicago, Chowbus provides food delivery services in the U.S., Canada and Australia. The data included customer information from Australia and well as North America with Riot Act reporting that information of customers from Canberra were found in the database.

“We are so used to ransomware attacks or other incidents committed for political or financial gain that a data breach at Chowbus is very unusual,” Ilia Sotnikov, vice president of product management at data security firm Netwrix Corp., told SiliconANGLE. “This scenario hasn’t been common before and can be a result of criminal mischief or a desire to harm a company’s reputation.”

By undermining trust in a company’s ability to protect customer data, hackers may encourage victims to turn to competitors, Sotnikov added. “Although there is no information on the root cause of this incident, we may assume that such an attack could have been initiated by an insider, such as a disgruntled employee,” he said.

Stephen Gates, security evangelist and senior solutions specialist at software security company Checkmarx Ltd., noted that such breaches highlight the need for better application security.

“If the breach wasn’t due to a malicious insider, then the likelihood the hack took place via the Chowbus website, or even more probable, their mobile app, is very high,” Gates said. “Organizations must do a better job of finding and remediating software vulnerabilities before their apps go online, not after a breach takes place.”

Image: Chowbus

A message from John Furrier, co-founder of SiliconANGLE:

Your vote of support is important to us and it helps us keep the content FREE.

One click below supports our mission to provide free, deep, and relevant content.  

Join our community on YouTube

Join the community that includes more than 15,000 #CubeAlumni experts, including Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger, and many more luminaries and experts.

“TheCUBE is an important partner to the industry. You guys really are a part of our events and we really appreciate you coming and I know people appreciate the content you create as well” – Andy Jassy

THANK YOU