NewsBizkoot.com

BUSINESS News for MILLENIALAIRES

FreshMenu exposes 3.5mn users’ data containing sensitive info: Report

2 min read
FreshMenu exposes 3.5mn users’ data containing sensitive info: Report
FreshMenu Exposes 3.5mn Users' Data Containing Sensitive Info: Report

FreshMenu Exposes 3.5mn Users’ Data Containing Sensitive Info: ReportIANS

Foodtech platform FreshMenu has exposed data of more than 3.5 million users, containing order details along with sensitive customer information, which includes phone numbers and food delivery addresses, a new report has revealed.

As per the Cybernews research team, FreshMenu, which delivers food to Bengaluru, Mumbai, Gurugram, and Delhi, has exposed its customer data to the public.

The researchers discovered a 26GB MongoDB database without protected with a password, which could have been accessed by anyone.

The database included over 3.5 million orders. Along with users’ order details, the company also exposed customer data, including — names, emails, phone numbers, billing & shipping addresses, and IP addresses.

How Secure Is Your Password? Here's a List Of 2014's Worst Passwords; Tips On Choosing Strong Passwords

FreshMenu Exposes 3.5mn Users’ Data Containing Sensitive Info: ReportReuters

As per the researchers, the database wasn’t exposed for long — only around 2-3 days.

“The exposed data provides threat actors with the potential to engage in identity theft, phishing attacks, and targeted scams. The comprehensive nature of the leaked information could enable malicious actors to exploit customer vulnerabilities, compromise privacy, and potentially perpetrate fraudulent activities,” the researchers noted.

Last week, researchers uncovered a highly sophisticated cyber-espionage campaign — ‘Operation RusticWeb’, which the threat actors are using to target various personnel within the Indian government to steal confidential documents.

The campaign, first detected in October 2023, uses Rust-based malware and encrypted PowerShell commands, to exfiltrate confidential documents, according to Seqrite, the enterprise arm of global cybersecurity solutions provider, Quick Heal.

(With inputs from IANS)

About Author