Foodtech platform FreshMenu has exposed data of more than 3.5 million users, containing order details along with sensitive customer information, which includes phone numbers and food delivery addresses, a new report has revealed.
As per the Cybernews research team, FreshMenu, which delivers food to Bengaluru, Mumbai, Gurugram, and Delhi, has exposed its customer data to the public.
The researchers discovered a 26GB MongoDB database without protected with a password, which could have been accessed by anyone.
The database included over 3.5 million orders. Along with users’ order details, the company also exposed customer data, including — names, emails, phone numbers, billing & shipping addresses, and IP addresses.
As per the researchers, the database wasn’t exposed for long — only around 2-3 days.
“The exposed data provides threat actors with the potential to engage in identity theft, phishing attacks, and targeted scams. The comprehensive nature of the leaked information could enable malicious actors to exploit customer vulnerabilities, compromise privacy, and potentially perpetrate fraudulent activities,” the researchers noted.
Last week, researchers uncovered a highly sophisticated cyber-espionage campaign — ‘Operation RusticWeb’, which the threat actors are using to target various personnel within the Indian government to steal confidential documents.
The campaign, first detected in October 2023, uses Rust-based malware and encrypted PowerShell commands, to exfiltrate confidential documents, according to Seqrite, the enterprise arm of global cybersecurity solutions provider, Quick Heal.
(With inputs from IANS)