6 May 2021

Spanish delivery startup Glovo suffers a cyberattack


Spanish delivery startup Glovo suffers a cyberattack

A hacker compromised systems of Spanish rapid-delivery startup Glovo and reportedly attempted to sell stolen credentials of its customers and distributors on the Internet.

Glovo is a Barcelona-based company that delivers everything from food to household supplies to some 10 million users across 20 countries.

According to the company, the security breach took place on April 29 when a hacker gained access to its systems via an old administrator platform, and the attack was blocked as soon as it was detected.

“We can confirm that no access was gained to client card data, as Glovo does not save or store such information,” Glovo said.

The hack came to light earlier this week when Forbes reported that a hacker was selling access to Glovo customer and courier accounts, with the ability to change their passwords. The breach was discovered by the cybersecurity firm Hold Security that found screenshots and videos from a hacker showing off access to the computers used to manage Glovo accounts.

Glovo said it has contacted the Agencia Española de Protección de Datos (AEPD), Spain’s data protection authority, over the incident and that the data was “only accessible via a successful log-in by an account with sufficient permissions. All personal data at rest in our systems is encrypted.”

Back to the list

Latest Posts

Google fixes yet another Chrome 0Day exploited in the wild

Google fixes yet another Chrome 0Day exploited in the wild

In addition to CVE-2021-30554, Chrome 91.0.4472.114 resolves three high-risk vulnerabilities that allow a remote attacker to compromise a vulnerable system.
18 June 2021
Researchers uncover a 6-year Iranian domestic cyber-espionage campaign

Researchers uncover a 6-year Iranian domestic cyber-espionage campaign

The threat actor deployed the MarkiRAT malware able to steal data and hijack the infected user’s Chrome browser and their Telegram app.
17 June 2021
DarkSide affiliates shift to software supply chain attacks

DarkSide affiliates shift to software supply chain attacks

UNC2465 compromised a website of a CCTV camera vendor and planted malware in the Dahua SmartPSS Windows app.
17 June 2021