Foodmandu 50K users data leaked by a hacker

Foodmandu, the top online food delivery site got hacked yesterday night. A hacker named Mr. Mugger disclosed the information of nearly 50 thousand Foodmandu users through Twitter. The information includes the name, phone number, address, email, and exact location of the users. The Hacker was finally arrested on Dec 9, 2020.

The hacker made a tweet about the hack on March 7 Night at 8:15 pm. Here is a snap of the tweet.

The tweet hints that Mr. Mugger had already told the company about security vulnerabilities as he used the word “tired of”. Hacker claims to have the data of 150K users and says publicizing 50k users as a filtered demo.

The breaching of such private data and publicizing online is one of the biggest security lapses ever. The breach is not only a threat to the company but also is hazardous to all the Foodmandu users as their information is leaked online.

Foodmandu official statement

Foodmandu, after fixing the loophole, has released its official statement about the data breach incident. They say the incident doesn’t have any impact on their commercial operations. In the official statement, they accept unauthorized customer data access by a hacker which includes the Name, Address, Email address, and phone number.

They have also revealed that they are in talks with the Cyber Crime Division of Nepal Police for further actions. The pioneering company had also asked the authorities (where the data resides) to take down the breached data.

They express their commitment to protect customer data of all forms and also seek support from the digital ecosystem in this situation.

Here is the official statement of Foodmandu on the incident.

NOTICE!!! pic.twitter.com/nDAWcm01kc

— Foodmandu (@foodmandu) March 8, 2020

We have been warned multiple times with the news of such hacks and breaches time and again. But the Nepalese digital sphere has to do a lot to prevent such unauthorized access and secure its data. It is high time companies take information security as the topmost priority.

As the companies are investing millions in operations and marketing, it is not known why the security aspect has been overlooked while having the biggest impact. Who knows the hacker could have done damage to the whole platform if it can access the data!!!

With the increasing use of digital technology & services, the service providers shall put such customer data at the highest level of security. There should not be any compromise in the security of such customer’s data.

Update 1:

Mr. Mugger has now deleted the earlier Tweet and the Github link to the data is also down. We can only see Mr. Mugger’s tweet in the day time as “Data is beautiful”. Yes, indeed Data is the beauty that everyone looks for.

With the above deletion of the hacker’s tweet, we can only guess if there has been some sort of deal between the hacker and Foodmandu. OR Twitter, Github might have taken down the tweet and compromised data at the request of the authorities.

Update 2:

Foodmandu has released another statement, informing people of their actions against the hack and removing such vulnerabilities. Foodmandu tries to assure people that their system is not affected in any way along with the safeguard of the user’s password. They ask people not to receive or reply to calls, SMS with the promise to resolve the issue.

They also urge their users to change their passwords periodically to avoid any risks.

Update 3: ( December 9, 2020)

Nepal Police, Cyber Bureau has finally arrested Dinesh Tiwari who is the man behind the Foodmandu Hack. As per the info, he could be the same hacker as named as Mr. Mugger. They were successful in tracking down the Hacker with the special operation called Hackers hunt.

Tell us what do you think of the Foodmandu customer data breach by a hacker in the comment below. Did you also find your contact details on the list? If so, then how did you feel when you saw your contact details and address there?