put the complete database up for sale on the Internet

The hack is much more severe than that of Phone House, during which 1 in 4 Spaniards was current. In the case of Glovo, the database obtained by the hackers is complete, and contains extraordinarily harmful knowledge comparable to the password or the Credit Card Number of customers, in addition to knowledge of distributors, clients, orders, shops, related firms, and so forth. Specifically, based on hackers, the obtainable knowledge is:

  • Full title
  • Birthday
  • Email
  • Password encrypted with SHA256
  • Phone quantity
  • Physical tackle
  • Postal Code
  • Credit card, expiration date and CVC
  • DNI
  • IBAN of the checking account

In the following picture we are able to see a few of this knowledge because it seems in the database, a part of which we have now censored the knowledge. The consumer that seems had two financial institution playing cards registered, with their corresponding expiration date and CVC:

In addition to having that knowledge of all customers, hackers even have the administrator customers and passwords, the place passwords are skipped. Regarding the sellers, the knowledge they’ve is the following, the place the hackers checklist it with an “and so forth” at the finish, so there might be much more data:

  • Full title
  • E-mail
  • Password encrypted with SHA256
  • Transport technique
  • Postal Code
  • Physical tackle
  • IBAN of the checking account
  • DNI
  • Date of delivery
  • Photo of the id doc

480 GB knowledge, passwords and playing cards included

The database has 480 GB of uncompressed knowledge, providing in 60 GB compressed. The hackers provide two samples of three customers of the app and three distributors. They additionally provide sneak peek assessments of the admin panel and database upon request, however will solely be provided to consumers who present they’re severe. Nor will they manually confirm the title of a consumer, and solely promote knowledge in bulk or from a particular nation, with Spain being its foremost market, though it already has a presence in 28 international locations.

Just a few days in the past a lowered model of the database was put on sale that occupied solely 180 GB, however now the complete database is already obtainable. In the case of Phone House, the database was made obtainable to any consumer on the hacking group’s web site on the Dark Web, however these hackers appear to need to get some income from it.

Change the password and cancel the card

Thus, not like what occurred in Phone House, right here it is extremely essential to alter the password in Glovo and in another service the place we have now used it, since, though it makes use of very sturdy encryption, the most conventional factor in these conditions is that they get undo encryption and get the password in plain textual content.

At the identical time, it could even be a good suggestion to alter the bank card quantity and cancel the one we have now utilized in Glovo. With the account quantity and all of our private data, hackers can impersonate us to Borrow cash or perform any form of suspicious exercise. For instance, they’ll register this card in Amazon or in any retailer and, with our full title, date and CVC, they’ll perform purchases, so you will need to overview the exercise in our checking account to keep away from scares.

At the authorized stage, there may be not a lot we are able to do in opposition to Glovo for exposing the knowledge, however in the occasion that cash is stolen from the account, a lawsuit might be filed. Glovo reported the improper entry to the AEPD, however mentioned no card knowledge had been stolen. Unfortunately, plainly this has not been the case, and if theft happens with this knowledge, Glovo may face the fee of many compensations.