Thousands of data of delivery men, workers of different types and customers stolen from Glovo are offered up for auction in the deep web or the “deep internet”, a network that is configured in a specific way and accessed through software other than the usual one.
Last May, Glovo suffered a hack that exposed the credentials of the company’s delivery and customer accounts on the internet.
It is this data that is now being auctioned on the “deep internet”, according to an account specializing in the matter that was first alerted on Twitter.
Specifically, information on more than 5.79 million Glovo customer orders, 37,509 delivery men (who are self-employed), 21,379 company workers and 3,854 incident reports between McDonald’s and the delivery company is sold.
A Glovo spokesperson consulted by Efe has remarked that despite the fact that in May the attacker “was able to access the IBAN numbers for a short period of time”, he was unable to obtain “any customer card data, since Glovo does not store or stores such information and all passwords are encrypted.”
In the case of delivery drivers, the stolen information includes full names, postal addresses, phone numbers, emails, IBANs, and transportation method used.
“At Glovo we take data security very seriously. The investigation of this case ended in 2021, and a full audit of the integrity of our systems was then carried out. We also contacted the Spanish Protection Agency Data Protection Authority (AEPD), the main Data Protection Authority in this case, and we provide them with all the information necessary for their investigation, which also concluded in 2021. After the reappearance of this data, we are taking additional measures to eliminate it,” he added. the company spokesman.