At the end of April, Glovo suffered a cyberattack that allowed cybercriminals access to personal data of the clients and also of the workers. The Barcelona-based home delivery company confirmed that it had been hacked, but theft of bank account data was initially ruled out.
However, it appears that the attackers they did have access to clients’ financial information. Law of the Network reports that hackers who have put Glovo’s stolen database up for sale on the Dark Web claim that the Customers’ credit or debit card number is included in the file.
The seller claims that we can find administrator accounts with passwords, ID and bank details.
At the time the security breach was discovered, its magnitude was unknown, but now it is far more worrisome than it first appeared. After a reduced version of the database with a size of 180 GB is on sale, attackers now commercialize the entire database.
Specifically, the file is auctioned on the Dark Web and contains 480 GB of personal data of Glovo users, including: name and surname, email, address, date of birth, hashed passwords (irreversible encryption), ID, bank accounts and credit or debit card details registered in the application.
What do I do if I am a Glovo user?
If you are a Glovo user, the first thing you have to do is change your password as soon as possible. in case you didn’t a few weeks ago when the hack was detected. Immediately after this, you should change the password in all the services that we have the same as in the Glovo account, and notify your bank of the problem to be attentive to any suspicious movement in your account. At the moment, we do not consider it necessary to change bank account, but it would not be anything unreasonable either, although this data probably ends up in the hands of more people and not just a single buyer.
Sign up for our newsletter and receive the latest technology news in your email.