The credentials of clients and distributors of the platform Glovo in Spain they have appeared for sale in Internet, as a result of a security breach that the company is currently investigating.
Unauthorized third party actors accessed Glovo’s systems through the user interface. an old admin panel. From there they managed to obtain a database with the credentials of the customer and delivery accounts.
The information was put up for sale in the ‘dark web’, where it was found by the Head of Technology and founder of Hold Security, Alex Holden, who reported this event to Forbes. The shared videos and screenshots showing access to the Glovo account management.
Glovo was notified of this breach last Thursday and a day later it blocked access to the affected system. This Monday, May 3, he confirmed the ‘hack’ and the solution of the security problem.
“On April 29 we detected the unauthorized third party access to one of our systems“Glovo has acknowledged in a statement sent to Europa Press, in which it confirms that the access occurred through an old interface of the administration panel.
“As soon as we were aware, we immediately took action, blocking unauthorized third party access and implementing additional measures to protect our platform “, the company has assured.
However, and according to the aforementioned medium, the data of users and distributors were still for sale on the Internet, with the potential to modify the password of the accounts.
The company has confirmed that no data from Credit cards of its clients, since this information is not stored, and it has also ensured that it is investigating what happened and that it has contacted the Spanish Agency for Data Protection.