Skip to Content
EatStreet hacked personal data stolen breach
Security & privacy

Hacker steals financial data from online food delivery service – check your accounts

We’re not even quite halfway into 2019 and billions of records have already been exposed through various data breaches. And those are just numbers from the breaches we’re aware of.

And no type of business or agency has been immune. Just this year, breaches have impacted social media platforms, retailers, medical-related businesses, financial institutions and government agencies at every level.

Those breaches also impact restaurants and other foodservice related platforms, like this latest incident involving a popular ordering and delivery service where a hacker obtained customers’ basic details and payment information. And according to reports, it’s the same hacker responsible for attacking a number of other sites.

Online food delivery service records hacked

EatStreet, a Madison, Wisconsin-based online food ordering and delivery service is one of the latest businesses to be targeted by cybercriminals. If you’re not familiar, it’s part of a growing industry in food delivery that includes other big names like Uber Eats, Postmates, DoorDash and Grubhub.

Its Android app has more than 100,000 installs and according to information on its website, EatStreet works with more than 15,000 restaurants in over 250 cities across the country. So depending on where you live, there’s a decent chance EatStreet is one of those delivery options.




This week the company released details of a “security incident” saying its database was breached on May 3 and continued until the intrusion was discovered on May 17.

EatStreet has since secured the database, but not before sensitive info for a “limited number of diners” who placed food orders via the site or app was stolen that included names, addresses, email addresses and phone numbers. Unfortunately, it also included payment details such as credit/debit card numbers, expiration dates, billing addresses and verification codes.

Data was also stolen from EatStreet’s partner restaurants and third-party delivery services. That info included names, phone numbers, email address along with bank account and routing numbers.

Hacker tied to other breached sites

In a conversation with ZDNet last month, hacker “Gnosticplayers” took credit for not only the EatStreet breach before it was disclosed, but other companies like UnderArmour and social planning site Evite (click or tap here to read more about the Evite breach).

EatStreet didn’t disclose how many people or businesses were impacted, but Gnosticplayers boasted to ZDNet that he took over 6 million records from company servers. That hacker has reportedly stolen over a billion user credentials from nearly 50 different companies and put them up for sale on the dark web.

As far as EatStreet goes, it says it’s hired a “leading external IT forensics firm” to investigate. It also said it’s enhanced its security by reinforcing multi-factor authentication and updating coding practices.

Monitor your accounts to protect your data

Thankfully, not every breach rises to the level where it impacts tens of thousands of people, millions — or more. Regardless, exposed data and even smaller breaches can put your sensitive info at risk.

EatStreet has been notifying customers and partners affected, as most breached companies do, but it’s still up to you to monitor your accounts for unusual activity including purchases and credit inquiries. Keep an eye on your credit report and in extreme cases of identity theft, you have the option of freezing your credit.

Aside from financial details, take additional steps to protect your various online accounts. That includes using different passwords for each and enabling two-factor authentication when it’s available.

Ask me your digital question!

Navigating the digital world can be intimidating and sometimes downright daunting. Let me help! Reach out today to ask your digital question. You might even be on my show!

Ask Me