Online grocery delivery platform, Weee! has suffered a massive data breach, with 11 million of its customers’ delivery information being leaked online.
The information, uploaded to a database by an unknown attacker, included crucial details such as users’ first and last names, emails, phone numbers, home addresses, delivery types, devices, and dates.
Some of the logs even had notes left by customers for couriers, including codes to enter residential or office buildings.
IntelBroker’s present avatar has been active on the forum since October 2022. Its previous targets include Verizon, Autotrader, Volvo, Hilton Hotels, AT&T, and USCellular.
Weee! is yet to respond to the queries from The Cyber Express regarding the security incident.
Weee! Data Breach explained
The data breach appears to be the work of the same individual who had previously leaked stolen information from US Cellular. In the recent leak announcement, the hacker referred to the victim as “Sayweee,” which is the name of Weee! ‘s website.
The platform specializes in providing Hispanic and Asian food delivery services and operates throughout most of the US, with its delivery app being downloaded over 2.6 million times. The sensitive information leaked in this breach, referred to as personally identifiable information (PII), could be used by hackers for various malicious purposes.
This includes matching first and last names with accurate email addresses, exposing user identities on other online services and putting users at a higher risk of scams, spear phishing, tracking, and unwanted contact. The PII could even be used to commit identity fraud.
Why are hackers targeting grocery apps?
Grocery delivery services have gained immense popularity in recent years, providing customers with the comfort of shopping from their homes. But with the rise of these platforms, security concerns have also risen, as they are becoming a favored target for cybercriminals.
One primary reason that makes grocery delivery apps a prime target is the personal data they hold.
These apps require users to furnish a considerable amount of personal information, such as names, addresses, phone numbers, and payment details, making it an attractive commodity for hackers to exploit for identity theft, fraud, and other malicious activities.
The connection these apps have to payment systems, and the storage of sensitive financial data also makes them a popular pick for hackers looking to steal credit card information.
Furthermore, relying on third-party service providers for payment processing can open up security loopholes, providing a window of opportunity for cybercriminals to access the app and the user’s information.
With the growing popularity of these services, the potential rewards for hackers who successfully breach the system continue to grow.
To combat these risks, it’s essential for users to be cautious when it comes to the information they share and to only use trusted platforms.
On the other hand, it’s crucial for app developers to prioritize security and update their systems regularly to stay ahead of potential threats.