Popular food delivery company Grubhub announced it suffered a security breach involving a “third-party actor,” which gave “unauthorized access to certain user contact information.” The company disclosed the issue in a press release after partnering with leading forensic experts, and says it believes the incident has been fully contained.
Grubhub explains that it detected “unusual activity within our environment traced to a third-party service provider for our Support Team. Upon discovery, we promptly launched an investigation, identifying unauthorized access to an account associated with this provider. We immediately terminated the account’s access and removed the service provider from our systems altogether.”
According to Grubhub, this security breach gave access to the following data:
- Names, email addresses, and phone numbers
- Partial payment card information for a subset of campus diners (card type and last four digits of the card number)
The hacker also accessed hashed passwords for certain legacy systems. While the hacker didn’t access any passwords associated with Grubhub Marketplace accounts, the company encourages users to use unique passwords to minimize risk. This means that users who reuse the same password across different accounts should definitely change it.
Still, Grubhub says that the majority of users’ data hasn’t been accessed, including:
- Grubhub Marketplace customer passwords
- Merchant login information
- Full payment card numbers
- Bank account details
- Social Security or driver’s license numbers
Finally, the company states that, to avoid further security breaches, it is implementing new measures:
- Engaged Forensic Experts: Partnered with a third-party cybersecurity firm for a comprehensive investigation.
- Strengthened Credential Security: Rotated all relevant passwords to prevent potential unauthorized access.
- Enhanced Monitoring: Deployed additional anomaly detection mechanisms across internal services.
BGR will let you know as we learn more about Grubhub’s security breach and whether it could have a broader impact on its users.