FreshMenu exposes 3.5mn users' data containing sensitive info: Report

By IANS | Updated: January 25, 2024 19:35 IST2024-01-25T19:31:00+5:302024-01-25T19:35:08+5:30

New Delhi, Jan 25 Foodtech platform FreshMenu has exposed data of more than 3.5 million users, containing order ...

FreshMenu exposes 3.5mn users' data containing sensitive info: Report | FreshMenu exposes 3.5mn users' data containing sensitive info: Report

FreshMenu exposes 3.5mn users' data containing sensitive info: Report

New Delhi, Jan 25 Foodtech platform FreshMenu has exposed data of more than 3.5 million users, containing order details along with sensitive customer information, which includes phone numbers and food delivery addresses, a new report has revealed.

As per the Cybernews research team, FreshMenu, which delivers food to Bengaluru, Mumbai, Gurugram, and Delhi, has exposed its customer data to the public.

The researchers discovered a 26GB MongoDB database without protected with a password, which could have been accessed by anyone.

The database included over 3.5 million orders. Along with users' order details, the company also exposed customer data, including -- names, emails, phone numbers, billing & shipping addresses, and IP addresses.

As per the researchers, the database wasn’t exposed for long -- only around 2-3 days.

"The exposed data provides threat actors with the potential to engage in identity theft, phishing attacks, and targeted scams. The comprehensive nature of the leaked information could enable malicious actors to exploit customer vulnerabilities, compromise privacy, and potentially perpetrate fraudulent activities," the researchers noted.

Last week, researchers uncovered a highly sophisticated cyber-espionage campaign -- 'Operation RusticWeb', which the threat actors are using to target various personnel within the Indian government to steal confidential documents.

The campaign, first detected in October 2023, uses Rust-based malware and encrypted PowerShell commands, to exfiltrate confidential documents, according to Seqrite, the enterprise arm of global cybersecurity solutions provider, Quick Heal.

Disclaimer: This post has been auto-published from an agency feed without any modifications to the text and has not been reviewed by an editor

Open in app