Glovo hacked and customer details put for sale on the internet
Glovo have confirmed that private data and credentials of their clients, and delivery people, in Spain have appeared for sale on the Internet, as a result of a security breach that the company is currently investigating. They were hacked and unauthorized third-parties accessed Glovo's systems through the interface of an old admin panel. From there they were able to obtain a database with the credentials customer and delivery accounts.
The information was put up for sale on the 'dark web' with shared videos and screenshots showing access to the Glovo account management, where it was found by the head of Technology and founder of Hold Security, Alex Holden, who reported it to Forbes.
Glovo was notified of this security breach last Thursday and the next day it blocked access to the affected system. On Monday (May 3rd), he confirmed the 'hack' and the solution of the security problem.
"On April 29th we detected unauthorized access by a third party to one of our systems," Glovo acknowledged in a statement sent to Europa Press, in which it confirmed that the route of the access through an old interface of the administration panel.
"As soon as we were aware, we took immediate action, blocking the unauthorized third party access and implementing additional measures to protect our platform," the company assured.
Other articles that may interest you...
However, and according to Europa Press, the data of users and distributors were still for sale on the Internet, with the potential for purchasers to modify the password of the accounts.
Glovo claim that no credit card data of its customers was accessed, since this information is not stored, and has also assured that it is investigating what happened and that it has contacted the Spanish Agency for Data Protection.