EatStreet Data Breach Risks Customers, Restaurants, Deliverers’ Information

EatStreet Data Breach Risks Customers' Information

In May, EatStreet experienced a data breach that compromised certain customers', restaurants', and deliverers' information. The service just recently disclosed the security breach.

EatStreet, an online and mobile food ordering service, recently disclosed a security breach that took place between May 3 and May 17.

The hacker, who is believed to be a hacker named Gnosticplayers, had access to EatStreet's database between these dates and through this was able to access information about delivery and restaurant partners, such as names, addresses, phone numbers, and email addresses, as well as bank accounts and routing numbers.

For a limited number of customers, the hacker accessed payment card info, including names, credit card numbers, expiration dates, card verification codes, billing addresses, email addresses, and phone numbers.

EatStreet has taken multiple notification measures to ensure everyone affected is informed. There are no law enforcement agencies involved in the ongoing investigations.

"We have enhanced the security of our systems, including reinforcing multi-factor authentication, rotating credential keys, and reviewing and updating coding practices," EatStreet said in a breach notification.

Colin Little, senior threat analyst at Centripetal Networks, said that it's unfortunate that some customers used this service for a simple food delivery and now their banking information may be compromised.

"The case of the EatStreet breach is a doomsday scenario for the average consumer where a service was used for convenience of necessity, and ended up causing a major threat to the consumer's interests," Little said. "With the number of mobile or cloud-based consumer services a person leverages day to day and the two-week time-to-detect for complete access to a database that contains some of the most sensitive PII, this event shows that consumers deserve organizations who will proactively hunt for threats to minimize the risk to consumer data."

Lisa Baergen, vice president of marketing at NuData Security, a Mastercard Company, said that once the data is stolen, it's detrimental to not only the target company, but all organizations because the hacker can make fraudulent purchases or facilitate further cybercrime. She said in light of this, organizations must figure out how to lock down their security to keep customers and other organizations secure.

"By using security layers with behavioral analytics and passive biometrics, businesses can look across multiple aspects of the user's interaction, instead of relying solely on the username, password, and other static data which could have been stolen," Baergen said. "Such techniques devalue phishing attacks and other techniques to extract data from legitimate consumers, as this is not enough to access a victim's account or make illegitimate purchases."

About the Author

Kaitlyn DeHaven is the Associate Content Editor for the Infrastructure Solutions Group at 1105 Media.

Featured

Featured Cybersecurity

Webinars

New Products

  • Automatic Systems V07

    Automatic Systems V07

    Automatic Systems, an industry-leading manufacturer of pedestrian and vehicle secure entrance control access systems, is pleased to announce the release of its groundbreaking V07 software. The V07 software update is designed specifically to address cybersecurity concerns and will ensure the integrity and confidentiality of Automatic Systems applications. With the new V07 software, updates will be delivered by means of an encrypted file. 3

  • Mobile Safe Shield

    Mobile Safe Shield

    SafeWood Designs, Inc., a manufacturer of patented bullet resistant products, is excited to announce the launch of the Mobile Safe Shield. The Mobile Safe Shield is a moveable bullet resistant shield that provides protection in the event of an assailant and supplies cover in the event of an active shooter. With a heavy-duty steel frame, quality castor wheels, and bullet resistant core, the Mobile Safe Shield is a perfect addition to any guard station, security desks, courthouses, police stations, schools, office spaces and more. The Mobile Safe Shield is incredibly customizable. Bullet resistant materials are available in UL 752 Levels 1 through 8 and include glass, white board, tack board, veneer, and plastic laminate. Flexibility in bullet resistant materials allows for the Mobile Safe Shield to blend more with current interior décor for a seamless design aesthetic. Optional custom paint colors are also available for the steel frame. 3

  • ResponderLink

    ResponderLink

    Shooter Detection Systems (SDS), an Alarm.com company and a global leader in gunshot detection solutions, has introduced ResponderLink, a groundbreaking new 911 notification service for gunshot events. ResponderLink completes the circle from detection to 911 notification to first responder awareness, giving law enforcement enhanced situational intelligence they urgently need to save lives. Integrating SDS’s proven gunshot detection system with Noonlight’s SendPolice platform, ResponderLink is the first solution to automatically deliver real-time gunshot detection data to 911 call centers and first responders. When shots are detected, the 911 dispatching center, also known as the Public Safety Answering Point or PSAP, is contacted based on the gunfire location, enabling faster initiation of life-saving emergency protocols. 3