Grubhub Investigates Security Issue After User Data Exposure

The online food delivery industry is a major market, with DoorDash leading the U.S. sector in 2023, holding over 67% of the market share. Uber Eats followed with 25%, while Grubhub secured third place.

While not the first of its kind in the U.S., Grubhub was a pioneer in online meal delivery. In 2023, the platform served over 24.6 million active users across 4,000+ cities. However, a recent data breach may have compromised many of these users.

The network recently discovered that a third-party contractor had been infiltrated, allowing unidentified hackers to access personal data belonging to Grubhub users, merchants, and delivery drivers. This information was highlighted in a news release today.

Grubhub claims that the third-party contractor served the platform’s support team, thus it appears that only customers, merchants, and delivery drivers who communicated with Grubhub’s customer service are affected.

In order to stop further data leaks, the business said it “immediately terminated the [compromised] account’s access” and deleted the account from its system. It has also engaged forensic specialists to investigate the breach and determine where it originated.

Stolen Data Varies by User

Here’s what hackers took

• Names
• Email addresses
• Phone numbers
• Partial payment details (card type & last four digits for Campus Diners)

While hackers were able to get hashed passwords for certain legacy systems, they were unsuccessful in obtaining complete payment card numbers, bank account data, social security or driver’s license numbers, merchant login credentials, and Grubhub Marketplace customer passwords.

It is unclear how many users were affected and when the hack occurred because the company has not yet disclosed this information.

In addition to being aware of incoming phishing emails, Grubhub users should update their passwords regularly to maintain lasting safety.