6 May 2021

Spanish delivery startup Glovo suffers a cyberattack


Spanish delivery startup Glovo suffers a cyberattack

A hacker compromised systems of Spanish rapid-delivery startup Glovo and reportedly attempted to sell stolen credentials of its customers and distributors on the Internet.

Glovo is a Barcelona-based company that delivers everything from food to household supplies to some 10 million users across 20 countries.

According to the company, the security breach took place on April 29 when a hacker gained access to its systems via an old administrator platform, and the attack was blocked as soon as it was detected.

“We can confirm that no access was gained to client card data, as Glovo does not save or store such information,” Glovo said.

The hack came to light earlier this week when Forbes reported that a hacker was selling access to Glovo customer and courier accounts, with the ability to change their passwords. The breach was discovered by the cybersecurity firm Hold Security that found screenshots and videos from a hacker showing off access to the computers used to manage Glovo accounts.

Glovo said it has contacted the Agencia Española de Protección de Datos (AEPD), Spain’s data protection authority, over the incident and that the data was “only accessible via a successful log-in by an account with sufficient permissions. All personal data at rest in our systems is encrypted.”

Back to the list

Latest Posts

ShadowSyndicate ransomware group targeting Aiohttp flaw

ShadowSyndicate ransomware group targeting Aiohttp flaw

Organizations are urged to update to Aiohttp v3.9.
18 March 2024
The International Monetary Fund discloses cyberattack affecting 11 email accounts

The International Monetary Fund discloses cyberattack affecting 11 email accounts

The organization did not share any additional details regarding the nature of the attack.
18 March 2024
E-Root Marketplace operator sentenced to 3.5 years in prison

E-Root Marketplace operator sentenced to 3.5 years in prison

It is estimated that over 350,000 compromised credentials were listed for sale on the E-Root Marketplace.
18 March 2024