Inside the EatStreet Data Breach: Is Food Ordering Service Safe?

With the increasing popularity of online food ordering services, the safety and security of these platforms have come into question. The recent EatStreet data breach has raised concerns about the protection of customer data and the potential risks associated with using food ordering services.

What is the EatStreet Data Breach?

The EatStreet data breach refers to a security breach that took place in May 2019. GnosticPlays, a hacker, disclosed a security breach involving EatStreet, an online food ordering service. The breach compromised sensitive customer information, including names, email addresses, phone numbers, billing addresses, card verification codes, and credit card numbers.

Data breach

Who was affected?

  • Over 6 million EatStreet users nationwide had their personal information compromised.
  • This included:
    • Names
    • Credit card numbers
    • Billing addresses
    • Email addresses
    • Phone numbers
    • Information belonging to restaurant and delivery partners was also exposed.

Timeline

  • May 3, 2019: A hacker breaches EatStreet’s network and begins accessing data.
  • May 17, 2019: EatStreet detects the intrusion and terminates the hacker’s access.
  • June 2019: EatStreet publicly discloses the breach and begins notifying affected individuals.

How Did the Breach Occur?

The breach occurred due to a vulnerability in EatStreet’s security infrastructure, allowing unauthorised access to customer data. GnosticPlays exploited this weakness and gained access to a significant amount of sensitive information.

While the exact methods used in the EatStreet breach haven’t been fully disclosed, here are common ways breaches like this occur:

  1. Exploiting Vulnerabilities in Systems or Software:
    • Hackers often scan for known vulnerabilities in outdated software, operating systems, or web applications.
    • Once a weakness is found, they can exploit it to gain access to a system.
  2. Phishing Attacks:
    • Hackers may send emails or text messages that appear to be from a legitimate source, such as EatStreet itself.
    • These messages often contain links or attachments that, when clicked, install malware or allow the hacker to steal credentials.
  3. Stolen or Weak Credentials:
    • Hackers can obtain login credentials through various means, such as data breaches at other companies, phishing attacks, or social engineering.
    • If users have weak or reused passwords, hackers can easily access their accounts.
  4. Third-Party Breaches:
    • Sometimes, breaches occur due to vulnerabilities in third-party vendors or services that a company uses.
    • If a vendor’s systems are compromised, it can expose the data of their clients, like EatStreet.
  5. Insider Threats:
    • In some cases, breaches are caused by employees or individuals with authorised access to a company’s systems.
    • This could be due to malicious intent, negligence, or accidental mistakes.

EatStreet hasn’t specified which of these methods were used in their case, but it’s likely that a combination of factors contributed to the breach.

When Was the Breach Discovered and Disclosed?

The breach was discovered by EatStreet on May 3, and it was publicly disclosed on May 17, following the company’s investigation into the incident.

Although the hacker accessed the database on May 3rd, it took EatStreet nearly two weeks to detect and terminate the intrusion. It’s important to note that this delay in discovery and disclosure can significantly impact affected individuals, as it gives the hacker more time to exploit the stolen data.

What Data Was Compromised During the Breach?

During the breach, customer payment card information, including credit card numbers, card verification codes, billing addresses, and other personal details, was compromised, posing a significant risk to the affected individuals.

How Does the EatStreet Data Breach Impact Food Ordering Services?

EatStreet Data Breach

During the EatStreet data breach in 2019, a range of sensitive information was compromised, depending on the individual or entity involved:

For Customers

  • Personal information: Names, addresses, phone numbers, email addresses.
  • Financial information: For a limited number of customers, payment card information includes names, credit card numbers, expiration dates, CVVs, billing addresses, and email addresses. It’s crucial to note that not all EatStreet users had their payment info compromised.

For Restaurants and Delivery Partners

  • Business information: Names, addresses, phone numbers, email addresses, and bank account information (including routing numbers) for some partners.
  • Operational information: Depending on the partner type, this could include delivery zone data, menu details, order history, etc.

What Are the Potential Risks for Customers of Food Ordering Services?

Customers of food ordering services face the risk of identity theft, financial fraud, and unauthorised use of their personal information. The exposure of sensitive data, such as credit card numbers and billing addresses, can have serious implications for the affected individuals.

How Can Customers Protect Their Data When Using Food Ordering Services?

Customers can protect their data by adopting security best practices, such as using unique and strong passwords, enabling multi-factor authentication, and monitoring their financial accounts for any suspicious activity. Additionally, staying informed about data breach notifications and promptly taking appropriate actions is crucial for safeguarding personal information.

What Steps Are Food Ordering Services Taking To Enhance Security After the Data Breach?

Following the data breach, food ordering services, including EatStreet, have enhanced their security measures to prevent future breaches. This includes reviewing and updating coding practices, implementing multi-factor authentication, and strengthening their infrastructure to protect customer data from potential threats.

What Should Customers Do if Their Data Was Compromised in the EatStreet Data Breach?

data breach

Customers who suspect that their data may have been compromised during the EatStreet data breach should take immediate steps to mitigate the potential risks associated with the incident.

If you believe your data was compromised in the EatStreet data breach, here are crucial steps to take:

  1. Monitor Your Credit Reports and Financial Accounts:
    • Review your credit reports from all three major credit bureaus (Experian, Equifax, and TransUnion) for any unauthorised activity or new accounts opened in your name. You can obtain free credit reports annually at AnnualCreditReport.gov.
    • Carefully scrutinise your bank and credit card statements for any unusual transactions you don’t recognise.
    • Report any fraudulent activity promptly to your financial institutions and credit bureaus to initiate dispute resolution and protect your accounts.
  2. Change Your Passwords:
    • Immediately change your EatStreet password if you haven’t already done so.
    • Update any other accounts that use the same or similar password as your EatStreet account. This includes email accounts, social media profiles, banking sites, and other online services.
    • Create strong, unique passwords for each account using a combination of upper and lowercase letters, numbers, and symbols.
    • Consider using a password manager to securely store and manage your passwords.
  3. Consider a Credit Freeze or Fraud Alert:
    • Place a credit freeze on your credit reports to restrict access to your credit information and make it more difficult for identity thieves to open new accounts in your name.
    • Add a fraud alert to your credit reports, which notifies lenders to take extra steps to verify your identity before approving any new credit applications.
  4. Be Alert for Phishing Scams:
    • Be cautious of emails, text messages, or phone calls that appear to be from EatStreet or any other organisation related to the breach.
    • Never click on links or open attachments in suspicious messages, as they could contain malware or lead to phishing websites.
    • Directly visit official websites or call customer service numbers to verify any communications you receive.
  5. Additional Protective Measures:
    • Enable two-factor authentication (2FA) on your accounts whenever possible. This adds an extra layer of security by requiring a code from your phone or email in addition to your password when logging in.
    • Regularly review your account statements and privacy settings on all your online accounts to ensure your information is protected.
    • Stay informed about data breaches and cybersecurity best practices to protect yourself from future attacks.
  6. Consider Legal Action:
    • If you believe you’ve suffered financial losses or other damages due to the breach, you may explore legal options, such as joining a class action lawsuit or seeking individual legal counsel.

How Can Customers Find Out if Their Data Was Compromised?

Customers can check for any breach notifications or communications from EatStreet regarding the data breach. It is essential to stay informed about potential exposure and take necessary precautions to safeguard personal information.

What Actions Should Customers Take if Their Data Was Compromised?

If customers believe that their data was compromised, they should closely monitor their financial accounts, report any suspicious activity to their respective banks, and consider placing a fraud alert or freezing their credit reports to prevent unauthorised access.

After a data breach, companies like EatStreet are legally obligated to provide timely and comprehensive breach notifications to affected customers. They may also face potential legal repercussions, fines, and damage to their reputation due to the mishandling of customer data.

How Can Food Ordering Services Prevent Future Data Breaches?

Preventing future data breaches is critical for the integrity and security of food ordering services. Implementing robust security measures and best practices helps protect customer data from unauthorised access and potential exploitation.

What Security Measures Can Food Ordering Services Implement To Protect Customer Data?

Food ordering services can implement encryption protocols, secure data storage, and access controls to safeguard customer data from unauthorised access. Regular security audits and assessments also help identify and address potential vulnerabilities in the system.

How Crucial Is the Use of Multi-Factor Authentication in Food Ordering Services?

Multi-factor authentication plays a crucial role in enhancing security for food ordering services by requiring additional verification steps beyond passwords. This additional layer of security helps prevent unauthorised access, reducing the risk of data breaches and unauthorised account access.

Strategies for Data Breach Prevention: Keeping Your Information Safe
Strategies for Data Breach Prevention: Keeping Your Information Safe

What Role Do Developers and Coding Practices Play in Securing Food Ordering Services?

Developers and coding practices have a significant impact on the security of food ordering services. Adhering to secure coding practices, conducting regular code reviews, and implementing secure coding standards help minimise vulnerabilities and reduce the risk of exploitation by malicious actors.

What Are the Consumer Rights Regarding Data Breach Notification?

Consumers have certain rights and expectations regarding data breach notifications from companies that handle their personal information. Clear and timely communication about data breaches is essential for consumers to take appropriate measures to protect their privacy and mitigate potential risks.

What Recourse Do Consumers Have if Companies Fail To Properly Notify Them of a Data Breach?

If companies fail to provide timely and accurate breach notifications, consumers have the right to pursue legal recourse, file complaints with relevant regulatory authorities, and seek compensation for any damages or losses resulting from the inadequate handling of the data breach.

Remember, if you’re concerned about your data being compromised in the EatStreet breach, it’s best to be proactive and take steps to protect yourself, such as monitoring your credit reports and changing passwords for any potentially affected accounts.