The Cybernews research team has uncovered a data exposure involving GonnaOrder, a Europe-based food delivery and digital ordering platform. The misconfigured system exposed thousands of customers’ personal details, including food orders, home addresses, and contact information.
Most of the affected users are located in the UK, Belgium, Greece, Germany, and the Netherlands. The team believes that the leaky instance has been open since August 2022, due to how it was indexed on an IoT search engine.
“Throughout the whole time the exposed instance was open, malicious actors could have obtained millions of customers’ data, including names, phone numbers, home addresses, as well as order details, which can often contain private info such as access codes to enter the building,” the research team said.
What data was exposed?
- Customer orders
- Restaurant and hotels where orders were made
- Customer phone numbers
- Email addresses
- Home addresses
- Delivery notes
- Payment methods used
What are the potential risks?
Exposed data can be used for identity theft, or sold on the dark web. Access codes in delivery notes may even enable physical crimes like burglary.
To read the full research report, please click here.
Like this:
Like Loading...
Related
This entry was posted on June 11, 2025 at 9:39 am and is filed under Commentary with tags Cybernews. You can follow any responses to this entry through the RSS 2.0 feed.
You can leave a response, or trackback from your own site.
Food delivery platform GonnaOrder exposes customer names, addresses
The Cybernews research team has uncovered a data exposure involving GonnaOrder, a Europe-based food delivery and digital ordering platform. The misconfigured system exposed thousands of customers’ personal details, including food orders, home addresses, and contact information.
Most of the affected users are located in the UK, Belgium, Greece, Germany, and the Netherlands. The team believes that the leaky instance has been open since August 2022, due to how it was indexed on an IoT search engine.
“Throughout the whole time the exposed instance was open, malicious actors could have obtained millions of customers’ data, including names, phone numbers, home addresses, as well as order details, which can often contain private info such as access codes to enter the building,” the research team said.
What data was exposed?
What are the potential risks?
Exposed data can be used for identity theft, or sold on the dark web. Access codes in delivery notes may even enable physical crimes like burglary.
To read the full research report, please click here.
Share this:
Like this:
Related
This entry was posted on June 11, 2025 at 9:39 am and is filed under Commentary with tags Cybernews. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.