Rashmi Daga, Founder & CEO, FreshMenu; via fortuneindia.comAs reported by Cybernews lately, Bengaluru-based popular food delivery service platform FreshMenu has exposed over 3.5 million order details along with sensitive customer information including phone numbers, Emails, Names, Billing and Shipping addresses, and IP addresses.
According to the report, the Cybernews research team claims that a 26 GB strong MongoDB database containing the data was not secured with a password – making it vulnerable to public exposure.
Though the database wasn’t exposed for more than 2-3 days period, it takes only a few seconds for the threat actors to dump discovered open sets of data using automation, and companies need to make sure that sensitive information is always hidden from the public eye.
JOIN US TO STAY UPDATED ON YOUR FAVORITE MESSENGER APP!
On December 14, Cybernews sent out a note regarding the data leak to FreshMenu and also requested an on-the-record comment but received no reply – noting that the database is now secured.
“The exposed data provides threat actors with the potential to engage in identity theft, phishing attacks, and targeted scams. The comprehensive nature of the leaked information could enable malicious actors to exploit customer vulnerabilities, compromise privacy, and potentially perpetrate fraudulent activities,” says the Cybernews research team
ⓘ As part of our ongoing support for startups and SMEs, LAFFAZ Media publishes feature and resource articles that may include references and links to external websites. These inclusions are selected at our editorial discretion to provide valuable information to our readers. LAFFAZ Media does not control, endorse, or assume responsibility for the content or practices of external websites. For more details, please refer to our Terms and Conditions.
