[BreachExchange] Spanish delivery startup Glovo hit by cyber attack

[Destry Winant]

https://www.reuters.com/technology/spanish-delivery-startup-glovo-hit-by-cyber-attack-2021-05-04/

A hacker broke into the systems of Spanish rapid-delivery startup Glovo
last week, it said on Tuesday, without specifying what information might
have been accessed.

Valued at over $1 billion, Barcelona-based Glovo delivers everything from
food to household supplies to some 10 million users across 20 countries.

The hacker gained access to a system on April 29 via an old administrator
platform but was ejected as soon as the intrusion was detected, Glovo said.

"We can confirm that no access was gained to client card data, as Glovo
does not save or store such information," the company said in an emailed
statement.

Media company Forbes reported earlier, citing cyber security firm Hold
Security which it said found the breach, that the hacker was selling login
credentials for customer and courier accounts, with the ability to change
their password.

The company did not immediately respond to a request for comment on the
hacker's motives. Hold Security could not immediately be reached for
comment.

The attack comes less than a month after Glovo raised 450 million euros
($541 million) in funding, riding a wave of interest in delivery services,
which have boomed during the COVID-19 pandemic. read more

With such platforms increasingly in the spotlight, regulators and
governments are beginning to address working conditions and privacy issues
in the so-called gig economy. read more

A Spanish court ruled last year that Glovo workers were employees and not
freelancers, while the government is proposing legislation to give unions
access to the algorithms tech companies use to manage their workforce.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20210512/04f29a8d/attachment.html>