Serious security breach for the food delivery app Glovo, that has been affected by an unauthorized access by a hacker that could have stolen personal data and access credentials of tens of millions of clients, drivers and employees. Since lot of time Federprivacy has raised a lot of doubts on the compliance to the GDPR of personal data processing carried out by Glovo and other food delivery apps, and not by change on the last year the same Glovo has been sanctioned by the Spanish Data Protection Authority because it has forget to designate the data protection officer.
The information issued from Bloomberg, which mentions as the source the Italian security society of Yarix, which has affirmed to have the proofs that cyber criminals have already sold into the Dark Web: it would amount to a complex volume of 163GB of data which includes names, phone numbers, passwords and information connected to payments systems. The archive will be sold for a total amount of 85.000 dollars.
A spokesman of the Spanish company Glovo has declared that “even if the third part not authorized was able to have the access to IBAN numbers and to fiscals identifications, we can confirm that its has not being carried out any access to data of credit or debit cards”. On the past 4th of May some information on a security breach to Glovo circulated, but it is not clear if those two episodes are connected or are two different accidents.
While we are waiting to see developments of the situation and which will be the intervention of the Supervisory Authority, it is unknown if Italian users are affected, but the advice for who is using Glovo is to change the password of the account and to control card movements in order to verify that there are not any anormal charges, provided that we trust to provide personal data and personal bank information to a society to which seems that the privacy of users don’t really care.
SOURCE: FEDERPRIVACY