User data from Foodmandu, one of the largest food delivery platforms in Nepal, was breached last night. A Twitter account by the name of Mr. Mugger has dumped 50 thousand records related to Foodmandu’s users, and a link to the data has been disclosed as well. The disclosure includes the names, addresses, emails and phone numbers of the associated users.
Foodmandu has released a statement regarding this matter. According to the statement, they detected a cyber-attack by a hacker, which resulted in the unauthorized breach of customer data. The tweet was posted last night at 1:40 pm.
— Foodmandu (@foodmandu) March 8, 2020
Foodmandu officials have confirmed with us that this was in fact a breach and that they’ve been working to fix the loophole since last night.
According to the officials, the database itself hasn’t been hacked; the hacker has only extracted the users’ data maliciously through the web.
In the statement, Foodmandu has also confirmed that they are working with the Cyber Crime Division of the government to apprehend the attackers and take down the data that has been uploaded.
A copy of that statement has been attached to the article below.
The tweet by Mr. Mugger reads, “Foodmandu 50K User Details Dump. So here it is, imma be real I am tired of how they neglect the security vulns. The Database consists of more than 150K User’s Personal Details, Latitude -Longitude, Address, and email. However, the demo is filtered.”
A copy of this attachment is posted below.
Also, considering the last line, “However, the demo is filtered.”, it is possible that Mr. Mugger has access to more than just the listed items. The filtered portion could in fact include passwords as well.