EatStreet Data Breach Risks Customers, Restaurants, Deliverers’ Information

EatStreet Data Breach Risks Customers' Information

In May, EatStreet experienced a data breach that compromised certain customers', restaurants', and deliverers' information. The service just recently disclosed the security breach.

  • By Kaitlyn DeHaven
  • Jun 19, 2019

EatStreet, an online and mobile food ordering service, recently disclosed a security breach that took place between May 3 and May 17.

The hacker, who is believed to be a hacker named Gnosticplayers, had access to EatStreet's database between these dates and through this was able to access information about delivery and restaurant partners, such as names, addresses, phone numbers, and email addresses, as well as bank accounts and routing numbers.

For a limited number of customers, the hacker accessed payment card info, including names, credit card numbers, expiration dates, card verification codes, billing addresses, email addresses, and phone numbers.

EatStreet has taken multiple notification measures to ensure everyone affected is informed. There are no law enforcement agencies involved in the ongoing investigations.

"We have enhanced the security of our systems, including reinforcing multi-factor authentication, rotating credential keys, and reviewing and updating coding practices," EatStreet said in a breach notification.

Colin Little, senior threat analyst at Centripetal Networks, said that it's unfortunate that some customers used this service for a simple food delivery and now their banking information may be compromised.

"The case of the EatStreet breach is a doomsday scenario for the average consumer where a service was used for convenience of necessity, and ended up causing a major threat to the consumer's interests," Little said. "With the number of mobile or cloud-based consumer services a person leverages day to day and the two-week time-to-detect for complete access to a database that contains some of the most sensitive PII, this event shows that consumers deserve organizations who will proactively hunt for threats to minimize the risk to consumer data."

Lisa Baergen, vice president of marketing at NuData Security, a Mastercard Company, said that once the data is stolen, it's detrimental to not only the target company, but all organizations because the hacker can make fraudulent purchases or facilitate further cybercrime. She said in light of this, organizations must figure out how to lock down their security to keep customers and other organizations secure.

"By using security layers with behavioral analytics and passive biometrics, businesses can look across multiple aspects of the user's interaction, instead of relying solely on the username, password, and other static data which could have been stolen," Baergen said. "Such techniques devalue phishing attacks and other techniques to extract data from legitimate consumers, as this is not enough to access a victim's account or make illegitimate purchases."

About the Author

Kaitlyn DeHaven is the Associate Content Editor for the Infrastructure Solutions Group at 1105 Media.

Featured

  • Securing the Future

    Two security experts sit down with Security Today’s editor in chief Ralph C. Jensen to discuss what they see emerging and changing over the next several years along with how security stakeholders can harness these innovations into opportunities. Read Now

  • Collaboration Made Easy Using a Work Management Platform

    Effective collaboration between security operators, teams and other departments is critical to the smooth functioning of organizations. Yet, as organizations grow in complexity, it becomes more difficult for teams to coordinate with each other. This is compounded by staffing shortages, turnover and ineffective collaboration tools. Read Now

  • Creating a Safer World

    Managing and supporting locks and door hardware within a facility is a big responsibility. A building’s security needs to change over time as occupancy and use demands evolve, which can make it even more challenging. Read Now

  • Creating More Versatility

    Today, AI has become top of mind for most security professionals. It is the topic of conversation in the technology world and continues to transform the way data is used to make important business decisions. Read Now

Most   Popular

New Products

  • HD2055 Modular Barricade

    Delta Scientific’s electric HD2055 modular shallow foundation barricade is tested to ASTM M50/P1 with negative penetration from the vehicle upon impact. With a shallow foundation of only 24 inches, the HD2055 can be installed without worrying about buried power lines and other below grade obstructions. The modular make-up of the barrier also allows you to cover wider roadways by adding additional modules to the system. The HD2055 boasts an Emergency Fast Operation of 1.5 seconds giving the guard ample time to deploy under a high threat situation.

  • Automatic Systems V07

    Automatic Systems V07

    Automatic Systems, an industry-leading manufacturer of pedestrian and vehicle secure entrance control access systems, is pleased to announce the release of its groundbreaking V07 software. The V07 software update is designed specifically to address cybersecurity concerns and will ensure the integrity and confidentiality of Automatic Systems applications. With the new V07 software, updates will be delivered by means of an encrypted file.

  • Hanwha QNO-7012R

    Hanwha QNO-7012R

    The Q Series cameras are equipped with an Open Platform chipset for easy and seamless integration with third-party systems and solutions, and analog video output (CVBS) support for easy camera positioning during installation. A suite of on-board intelligent video analytics covers tampering, directional/virtual line detection, defocus detection, enter/exit, and motion detection.