The credentials of clients and distributors of the Glovo platform in Spain have appeared for sale on the Internet, as a result of a security breach that the company is currently investigating.
Unauthorized third-party actors accessed Glovo’s systems through the interface of an old admin panel. From there they were able to obtain a database with the credentials of the customer and delivery accounts.
The company has confirmed that no customer credit card data was accessed
The information was put up for sale on the dark web, where it was found by the head of Technology and founder of Hold Security, Alex Holden, who reported this event to Forbes. The shared videos and screenshots showing access to the Glovo account management.
Glovo was notified of this breach last Thursday and a day later it blocked access to the affected system. This Monday, May 3, he confirmed the hack and the solution of the security problem. “On April 29 we detected unauthorized access by a third party to one of our systems”, Glovo has acknowledged in a statement sent to Europa Press, in which it confirms that the access occurred through an old interface of the administration panel .
“As soon as we were aware, we took immediate action, blocking unauthorized third party access and implementing additional measures to protect our platform,” the company assured.
However, and according to the aforementioned medium, the data of users and distributors were still for sale on the Internet, with the potential to modify the password of the accounts. The company has confirmed that no credit card data of its customers was accessed, since this information is not stored, and has also assured that it is investigating what happened and that it has contacted the Spanish Agency for Data Protection.