Freshmenu got hacked in July 2016 but decided not to inform their customers

Sushubh

Administrator
[OP]
Oct 29, 2004
417,011
12,940
Gurugram
In July 2016, the India-based food delivery service FreshMenu suffered a data breach. The incident exposed the personal data of over 110k customers and included their names, email addresses, phone numbers, home addresses and order histories. When advised of the incident, FreshMenu acknowledged being already aware of the breach but stated they had decided not to notify impacted customers.
Have I Been Pwned: Pwned websites
 

Jay

Regulars
Sep 4, 2014
319
91
@Sushubh Did you check for your email? Mine isn't listed in the hibp website and I can't find anything in the publicly available dumps either. Not sure what that means.
 

anant.del

Addicts
Regulars
Jan 2, 2010
8,179
396
Even if these newbie co. are not hacked, highly doubt their server is any mkrr secure than any other well know sites out there.

And sites like Lybate, wellnesspathcare etc. seems sell of customer info to make few extra bucks, I kept getting calls and sms from labs etc for at least one year after I registered on these sites.
 


Jay

Regulars
Sep 4, 2014
319
91
No doubt. As a precaution, I recently completely overhauled my digital presence by replacing all emails on sites where I had to register with non identifying emails. The problem is that most of them don't delete the earlier email address and passwords they have on file and when a breach happens they get leaked too.
 
  • Like
Reactions: anant.del

Jay

Regulars
Sep 4, 2014
319
91
I just went back and found the welcome email from freshmenu.

Plain text password as suspected. :cautious:

 
  • Like
Reactions: anant.del