Chowbus, an Asian food delivery startup owned by Fantuan Group, Inc., just suffered a massive data breach a couple of days ago. They have verified the intrusion and the amount of sensitive data that was compromised during the said breach.
The initial assessment of the breach does not show the exact nature of the intrusion. However, the company was able to immediately identify that some user data was accessed illegally and that they are working on mitigating the issue. They are also claiming that no financial information, credit card details, and user passwords were compromised during the said intrusion.
Chowbus is a food delivery service provider based in Chicago, Illinois. Although it’s based in the U.S., it has quickly expanded its services in Canada and Australia after receiving its investors’ funds.
The company did not quickly disclose the number of affected customers. Still, a follow-up investigation from security researchers shows initial estimates of nearly a Million customer records, and almost 500,000 unique email IDs were compromised in the data breach. Customer records include complete names, email accounts, and phone numbers of their customers in the U.S., Canada, and Australia. But that doesn’t take the cake for Chowbus. The actual shock was on how their customers found out about the data breach.
A local Chicago news publishing firm reported that several customers of Chowbus posted the incident via Twitter, saying that they have received several emails with the title “Chowbus Data.” Much to these customers’ surprise, the message included download links to the company’s database – which contained sensitive data about the company, several critical business-related information, and customer data.
The company’s CEO, Linxin Wen, immediately sent an advisory to all of their customers about the intrusion just last Tuesday. The statement reads:
Chowbus users were immediately advised to alter and secure their passwords upon receiving the message.
According to security researchers, these kinds of attacks are not that rare. There have been numerous similar occurrences inclined on angles such as political reasons, financial gain, and even plain old misreputation. Hackers and other threat actors are always on the watch for anonymous and interested parties willing to pay huge money to destroy business competitions, wreak havoc on an employer, and many others.
The takeaway in such incidents is the need for better cybersecurity for your business and yourself.