Remember meForgot password?
    Log in with Twitter

article imageImplications of the Chowbus data leak revealed Special

By Tim Sandle     Oct 9, 2020 in Technology
A threat actor has hacked into the Chowbus food delivery service and emailed links to the stolen data to all customers. An expert looks into the issue and implications for clients.
Chowbus is a mobile-based food delivery service that allows customers to order food from local restaurants in cities around the U.S., Australia, and Canada. The cyber-attack suffered by the organization came via an email. The message included download links to both a user and restaurant database used by the food delivery service.
Chowbus has explained to customers that they are investigating the hack, but none of the exposed data contained financial information or passwords. However, the stolen data contained customer names, email addresses, phone numbers, and mailing addresses.
Looking into the issue for Digital Journal, Andrew Hollister, Senior Director of LogRhythm Labs & Security Advisor to the CSO at LogRhythm, in your article.
Hollister begins by looking into the nature of the attack: “The Chowbus data leak is unusual in that so far the motive for the breach is not really clear. Typically data stolen from an organization might be used as leverage in a ransomware attack, for social engineering, or sold on the dark web. In this case it appears that the data of both suppliers and customers was simply sent to some or all of the individuals identified in the breach."
He adds that: "Whether the motive will become clear over time remains to be seen, but it’s certainly unusual. Fortunately for both Chowbus and their customers, it appears that neither passwords nor credit card details were included in the breach."
Looking at the wider implications, the expert adds: "Businesses that operate predominantly online and hold large quantities of customer information will always be an attractive target for attackers. Such organizations, whilst following best practice for secure configuration and patching, should also implement continuous monitoring for detection and response. An appropriately configured security monitoring solution that has full visibility into the environment could provide the opportunity to respond to an intrusion before it turns into a damaging data breach."
Furthermore, in terms of learning exercises, Hollister says: "This occurrence once again highlights the importance both of ongoing vigilance, and robust security controls in every business, irrespective of the vertical they operate within. Bad actors will often look for low hanging fruit, and a simple misconfiguration can easily lead to a breach such as this one, often with far reaching consequences for both customers and the breached organization.”
More about Chowbus, data leak, Data loss
Latest News
Top News