When you think of ordering food online to be delivered to your doorstep, most of you would first think of Foodmandu. Be it to satisfy a quick hunger pang, save a dinner party at your place, or order that latest, tastiest pizza you just saw your favorite Instagram foodie post online, Foodmandu has got you covered.
But apparently, a thing Foodmandu was not so quick to cover was the security of its own users.
A database breach, which happened earlier today, has compromised the personal data of over 150,000 Foodmandu users. This data includes users’ addresses, emails, phone numbers, and exact geolocation. The hacker in question, a person who goes by the name of Mr.Mugger (@mr_mugger) on Twitter, posted a tweet emphasizing the company’s neglect of security vulnerabilities. While the data of 150,000 users has been stolen, 50,000 entries have been posted publicly on GitHub for everyone to see.
According to a public statement posted by Foodmandu, the incident was due to a loophole in their web application, which was fixed immediately thereafter. The hacker’s motive is not exactly known. But just because the loophole has been fixed doesn’t mean that the implications of the data leak have vanished into thin air for us users. Such data can be sold off to potential buyers (for potentially bad uses, of course), risking the users’ personal security and privacy. Basically, lots of people now know your exact address, phone number, email and what you ate for dinner last week… this is unnerving, to say the least.
One particularly chilling detail in the hacker’s tweet is “…more than 150k User’s Personal Details,… …However, the demo has been filtered…”. This opens up the possibility that more items, like passwords, might have been compromised as well.