Chowbus users say hundreds of thousands of customer emails, phone numbers exposed in data breach

email
Credit: CC0 Public Domain

Chicago-based Chowbus confirmed the Asian food delivery service experienced a data breach after users reported getting access to a massive database with email addresses, phone numbers and mailing addresses of customers.

Customers said on Twitter they began receiving emails early Monday morning labeled "Chowbus data" that contained links where they could download company databases containing for restaurants and customers.

Posts on the social media sites Reddit and Twitter indicate emails were sent from a company account containing links to addresses for about 4,300 restaurants, and names, email addresses, phone numbers and mailing addresses for hundreds of thousands of customers.

Linxin Wen, company founder and CEO, sent an email to customers Monday confirming the and saying user credit card information and account passwords were not stolen. The company posted several messages on Twitter saying Chowbus' credit card information is processed by "Stripe, a secure 3rd party payment processor," and the company is "confident your credit card information is safe."

Wen said in the its security team took steps to secure its systems after learning about the breach about 1:30 a.m. Monday.

Chowbus has not said how many customers were affected or how the breach happened. The company's general manager, Steven Mao, referred questions Tuesday to a company spokesperson, who did not immediately respond to a request for comment.

Security researcher Troy Hunt said it is unusual for a hacker to send information to customers instead of trying to monetize the stolen information by selling it.

"I do wonder about the motive here. Whoever did this, it is obvious it wasn't financial," he said. Hunt is the founder of the website haveibeenpawned.com, where people can check to see if they've been affected by certain data breaches, including the one at Chowbus.

Wen and Suyu Zhang founded the Asian food platform in Chicago in 2015. The application, which aims to connect people to authentic Asian restaurants, is available in 20 North American cities including New York, Chicago, Los Angeles and Seattle. It is also available in parts of Australia and Canada.

In July, the company announced it had raised $33 million in funding to help it expand to other cities, bringing the 's total fundraising to about $38 million.

©2020 Chicago Tribune
Distributed by Tribune Content Agency, LLC.

Citation: Chowbus users say hundreds of thousands of customer emails, phone numbers exposed in data breach (2020, October 7) retrieved 29 March 2024 from https://techxplore.com/news/2020-10-chowbus-users-hundreds-thousands-customer.html
This document is subject to copyright. Apart from any fair dealing for the purpose of private study or research, no part may be reproduced without the written permission. The content is provided for information purposes only.

Explore further

Best Buy warns of data breach

6 shares

Feedback to editors