Thousands of sensitive and private data from Glovo’s databases are for sale on the dark web. Bank account information and personal data of customers, employees, ridersas well as a list of incidents with McDonals -one of the company’s partners delivery–.
The information, which has been echoed Daily Dark Web –every day it tracks what company data is put up for sale on the digital black market–, it provides concrete data. Along with Glovo, also the Official College of Officers of the Armed Forces of Spain or Repuestos Fuentes. Specifically, from Glovo, the data is clear. That is: data from 5,790,563, 21,379 employees, 37,509 riders and 3,854 to the popular hamburger chain. From the data, you can know the banking information, including the IBAN of your accounts, as well as your personal data.
Of course, the telephone data and emails of many riders who have operated –and some still operate– in Glovo. Regarding incidents with McDonals, there is information about the orders –as well as the data associated with them– and the reason for the incident. The most sensitive part of this section is the solution that Glovo has given to these incidents. In the filtration you can see if a refund has been made or, on the contrary, they have opted for another mechanism. You can also see the specific orders made, associated with the client, and their details.
How much is Glovo information sold for? The reality is that no price has been put on the data stolen from the technology databases. It is only pointed out, by the anonymous seller, that there will be no more opportunities and that, of course, it will be sold to the highest bidder. hypertextual has contacted Glovo to find out its position on the sale of its data on the dark web, but at the time of publishing this article, the company had not yet issued any official statement.
Now, the next thing to ask yourself is when is this information from? Everything indicates that the origin of the sale of this information lies in the hacking that Glovo suffered almost a year ago. One in which it was already known that the attackers had managed to reach user accounts to change passwords and then sell them, but the magnitude of the attack was not revealed. As reported by the technology at that time, the attack was controlled in a short time.