I think it is safe to say that Foodora customers would prefer to receive the takeout they ordered rather than have their personal data exposed…


Delivery Hero and Foodora

This week, CPG is taking a look at the data breach of popular food delivery service, Delivery Hero. The attack stems from one of the brands they recently acquired. The brand in question is Foodora. 

Now, before we dive into the attack, let’s take a look at some general information regarding the company in question. 

To begin, Delivery Hero is an online food delivery service based out of Berlin, Germany. Although based in Germany, the company can be found in Europe, Asia, Latin America and the Middle East.

Delivery Hero partners with over half a million restaurants across the world to provide delivery services to hungry customers. 

In 2015, Delivery Hero acquired a similar business by the name of Foodora. This company partnered with Delivery Hero to expand across Europe and other countries. 

After the acquisition, news regarding the collaboration died down. But now, These two companies are appearing once more in the headlines regarding their data breach. 


The Data Breach

To begin breaking down the data breach, let’s start at the beginning. In Mid May, evidence of the data breach appeared on a dark web forum. Further, the leaked data included customer usernames, phone numbers, addresses, full names, locations, and hashed passwords.

Information not posted on the site included credit card or payment information. 

Foodora posted the following notice on it’s website


Unfortunately, we can confirm that a data breach has been identified, concerning foodora customer data from the year of 2016. 


 The data contains approximately 480,000 unique email addresses as well as certain customer details, including encrypted password hashes, name, first name, delivery address, and phone number. No clear-text passwords appear exposed


When did it happen?

The breach was discovered recently and the data in question is from 2016.


We will continue to apply the highest data security standards and act in accordance with GDPR regulations. We are constantly working to further improve our technologies and processes in order to minimize any risks for our customers.


The Aftermath

Since the notice of the breach, Foodora as a whole is facing other struggles as well. These issues include financial troubles due to a saturation of delivery services on the market. The company announced it will be shutting down operations in Canada. 

As for the data breach and customers, the company recommends exercising caution if they are to receive any suspicious emails or texts. All in all, regards to next steps from Foodora are currently unclear. 

The company has yet to release a statement as to whether or not customers are directly informed or if an investigation is being conducted. 


By Taylor Ritchey