A cybercriminal has controlled to break into the Spanish delivery startup Glovo, valued at 2,000 million dollars. The hacker was promoting access to customer accounts and couriers, with the ability to replace their passwords, the company told Forbes that it has no knowledge of credit cards having been stolen.
This comes just a month after Glovo, which targets Europe’s Amazon, a rival also capable of delivering it all, announced a massive round of $530 million, raising its overall funding to more than a billion dollars and strengthening plans to attract corporate audiences in the coming years.
Forbes alerted to the breach through Alex Holden, a leader generation officer and founder of Hold Security, who tracks malicious hackers into the darkest corners of the web. He discovered screenshots and videos of a hacker appearing with access to the computers used to manage Glovo’s accounts. After transmitting them to Forbes and one of the affected users proved that they were members of Glovo, the breach disclosed to the corporate on Thursday, on Monday Glovo showed the hack, claiming that it had solved the problem, even while the hacker continued to do so. sell access to the startup’s PC systems.
“On April 29, we were informed of an unauthorized third party through a malicious external actor to one of our systems,” a spokesperson said.
“The actor in question was able to access it through a previous admin panel interface. As soon as we discovered this suspicious activity, we took swift action to block any further access through an unauthorized third party and put in place further measures to protect our platform.
“While we are investigating further lately, we can verify that no knowledge of the visitor card has been accessed, as we retain or purchase such information. “
The company contacted the Spanish Data Protection Agency (AEPD), the Spanish knowledge coverage authority. “We will provide them with all the data they want for their investigation. Glovo’s spokesman added that they may not reveal any more data about the nature of the breach or the types of knowledge that have been compromised as a result of the hacking.
Holden told Forbes that he feared that, as of Monday, the hacker would still promise shoppers access to Glovo’s systems and data, and that the data gave the impression of not being encrypted for any strangers who might enter. been exposed.
A Glovo spokesperson said knowledge “is only available through a successful login through an account with sufficient permissions. All non-public knowledge at rest on our systems is encrypted. “
They added that the company had blocked access to the affected formula on Friday morning, after the firewall was placed. “As a result, the formula is no longer accessible. We then conducted a log investigation to look for symptoms of a knowledge leak and assess the prospective volume of such a leak. We discovered evidence of unauthorized access to the formula, verifying the presence of the hacker, but we did not discover evidence to verify an export of knowledge.
“During the pandemic, the delivery of food, groceries and medicine is for many. Therefore, this violation is particularly worse than it would have been before,” Holden added.
“There are many angles of fraud and abuse that can arise from this data, but perhaps, more importantly, a violation of the privacy of consumers and couriers. “
I am an associate editor at Forbes, which covers security, surveillance and privacy. I am also editor of The Wiretap newsletter, whose exclusive articles on the genuine world
I am an associate editor at Forbes, which covers security, surveillance and privacy. I’m also the editor of The Wiretap newsletter, which includes exclusive articles on real-world surveillance and all the biggest cybersecurity stories of the week. each and every Monday and you can register here: https://www. forbes. com/newsletter/thewiretap
I have been making news and writing articles on these topics for primary publications since 2010, as a freelancer, I have worked for The Guardian, Vice, Wired and the BBC, others.
Let me know about Signal/WhatsApp/anything you need to use at the 447782376697. Si you are Threema, you can succeed with me on my id: S2XY9B9U.
If you need to tip me with something delicate, contact us at Signal or Threema and we can use OnionShare. It’s wonderful for the percentage of documents privately. See here: https://onionpercentage. org/