Grubhub confirms data breach amid extortion claims

Food transportation level Grubhub has confirmed a caller information breach aft unauthorized actors accessed parts of its interior systems. 

The disclosure comes arsenic sources archer BleepingComputer the institution is present facing extortion demands linked to stolen data.

In a connection to BleepingComputer, Grubhub said it detected and stopped the enactment quickly.

"We're alert of unauthorized individuals who precocious downloaded information from definite Grubhub systems," the institution said. "We rapidly investigated, stopped the activity, and are taking steps to further summation our information posture."

Grubhub added that delicate information, specified arsenic fiscal details oregon bid history, was not affected. However, the institution declined to reply follow-up questions astir erstwhile the breach occurred, whether lawsuit information was involved, oregon if it is actively being extorted.

Sign up for my FREE CyberGuy Report
Get my champion tech tips, urgent information alerts and exclusive deals delivered consecutive to your inbox. Plus, you’ll get instant entree to my Ultimate Scam Survival Guide – escaped erstwhile you articulation my CYBERGUY.COM newsletter.

RANSOMWARE ATTACK EXPOSES SOCIAL SECURITY NUMBERS AT MAJOR GAS STATION CHAIN

Grubhub confirmed a information breach aft unauthorized actors accessed parts of its interior systems, prompting an probe and heightened information measures. (Photographer: Michael Nagle/Bloomberg via Getty Images)

What Grubhub has confirmed truthful far

While details stay limited, Grubhub confirmed respective cardinal points. It has brought successful a third-party cybersecurity steadfast and notified instrumentality enforcement. Beyond that, the institution has stayed mostly silent. That deficiency of item has raised concern, particularly fixed Grubhub's caller information history. Just past month, the institution was linked to scam emails sent from its ain b.grubhub.com subdomain. Those messages promoted a cryptocurrency scam promising ample returns connected Bitcoin payments. Grubhub said it contained the incidental and blocked further unauthorized emails. It did not clarify whether the 2 events are related.

Sources nexus the breach to ShinyHunters extortion

According to aggregate sources cited by BleepingComputer, the ShinyHunters hacking radical is down the extortion attempt. The radical has not publically commented connected the claims and declined to respond erstwhile contacted. Sources accidental the attackers are demanding a Bitcoin outgo to forestall the merchandise of stolen data. That information reportedly includes older Salesforce records from a February 2025 breach and newer Zendesk information taken during the astir caller intrusion. Grubhub uses Zendesk to tally its online lawsuit enactment system. That level handles bid issues, relationship entree and billing questions, making it a invaluable people for attackers.

How stolen credentials whitethorn person enabled the attack

Investigators judge the breach whitethorn beryllium tied to credentials stolen during earlier Salesloft Drift attacks. In August 2025, menace actors utilized stolen OAuth tokens from Salesloft's Salesforce integration to entree delicate systems implicit a ten-day period. According to a study from Google Threat Intelligence Group, besides known arsenic Mandiant, attackers utilized that stolen information to motorboat follow-up attacks crossed aggregate platforms. "GTIG observed UNC6395 targeting delicate credentials specified arsenic AWS entree keys, passwords and Snowflake-related entree tokens," Google reported. ShinyHunters antecedently claimed work for that campaign, stating it stole astir 1.5 cardinal records from Salesforce environments tied to hundreds of companies.

Why this breach inactive matters

Even if outgo information and bid past were not affected, enactment systems often incorporate idiosyncratic details. Names, email addresses and relationship notes tin beryllium capable to substance phishing attacks oregon individuality scams. More importantly, this incidental highlights however older breaches tin proceed to origin harm agelong aft the archetypal attack. Stolen credentials that are ne'er rotated stay a almighty introduction constituent for menace actors.

Ways to enactment harmless aft the Grubhub information breach

If you usage Grubhub oregon immoderate online transportation service, a fewer astute steps tin trim your hazard aft a breach.

1) Update your password and halt re-use

Start by changing your Grubhub password close away. Make definite you bash not reuse that password anyplace else. Reused passwords springiness attackers an casual way into different accounts. A password manager tin assistance here. It creates strong, unsocial logins and stores them securely truthful you bash not person to retrieve them all.

Next, spot if your email has been exposed successful past breaches. Our No. 1 password manager prime includes a built-in breach scanner that checks whether your email code oregon passwords person appeared successful known leaks. If you observe a match, instantly alteration immoderate reused passwords and unafraid those accounts with new, unsocial credentials.

Check retired the champion expert-reviewed password managers of 2026 astatine Cyberguy.com.

ILLINOIS DHS DATA BREACH EXPOSES 700K RESIDENTS' RECORDS

The nutrient transportation level says it rapidly stopped the intrusion but has not disclosed erstwhile the breach occurred oregon whether customers were targeted. (Photo by Leonardo Munoz/VIEWpress)

2) Turn connected two-factor authentication

If two-factor authentication (2FA) is available, alteration it. This adds a 2nd measurement erstwhile you motion in, specified arsenic a codification sent to your telephone oregon app. Even if a hacker steals your password, two-factor authentication tin halt them from getting in.

3) Watch intimately for phishing attempts and usage beardown antivirus software

Be alert for emails oregon texts that notation orders, refunds oregon enactment issues. Attackers often usage stolen enactment information to marque messages consciousness urgent and real. Do not click links oregon unfastened attachments unless you are definite they are legitimate. Strong antivirus bundle tin besides assistance artifact malicious links and downloads earlier they origin harm.

The champion mode to safeguard yourself from malicious links that instal malware, perchance accessing your backstage information, is to person beardown antivirus bundle installed connected each your devices. This extortion tin besides alert you to phishing emails and ransomware scams, keeping your idiosyncratic accusation and integer assets safe.

Get my picks for the champion 2026 antivirus extortion winners for your Windows, Mac, Android and iOS devices at Cyberguy.com.

4) Remove your information from people-search sites

Consider utilizing a information removal work to trim your online footprint. These services assistance region your idiosyncratic details from information broker sites that attackers often usage to physique profiles. Less exposed information means less tools for scammers to exploit.

While nary work tin warrant the implicit removal of your information from the internet, a information removal work is truly a astute choice. They aren't cheap, and neither is your privacy. These services bash each the enactment for you by actively monitoring and systematically erasing your idiosyncratic accusation from hundreds of websites. It's what gives maine bid of caput and has proven to beryllium the astir effectual mode to erase your idiosyncratic information from the internet. By limiting the accusation available, you trim the hazard of scammers cross-referencing information from breaches with accusation they mightiness find connected the acheronian web, making it harder for them to people you.

Check retired my apical picks for information removal services and get a escaped scan to find retired if your idiosyncratic accusation is already retired connected the web by visiting Cyberguy.com.

Get a escaped scan to find retired if your idiosyncratic accusation is already retired connected the web: Cyberguy.com.

5) Ignore crypto messages utilizing trusted brands

Be skeptical of immoderate cryptocurrency offers tied to acquainted companies. Grubhub was antecedently linked to scam emails promoting crypto schemes, which shows however often attackers maltreatment trusted names. Legitimate companies bash not committedness accelerated returns oregon unit you to enactment immediately.

6) Monitor your Grubhub relationship and email activity

Check your Grubhub relationship for thing that looks unfamiliar. Watch for unexpected password reset emails, bid confirmations oregon enactment messages you did not request. Attackers often trial stolen information softly earlier making bigger moves.

7) Secure the email linked to your Grubhub account

Your email relationship is the cardinal to password resets. Change that password and alteration two-factor authentication if it is not already on. If attackers power your email, they tin regain entree adjacent aft you alteration different passwords.

8) Stay alert for delayed scams tied to the breach

Breach information is often reused weeks oregon months later. Phishing attempts whitethorn look agelong aft headlines fade. Treat immoderate aboriginal messages claiming to notation Grubhub support, refunds oregon relationship issues with other caution.

These steps volition not undo a breach, but they tin bounds however attackers exploit stolen accusation and trim your hazard going forward.

FIBER BROADBAND GIANT INVESTIGATES BREACH AFFECTING 1M USERS

Sources archer BleepingComputer the Grubhub breach is tied to extortion demands involving allegedly stolen lawsuit enactment data. (Gabby Jones/Bloomberg via Getty Images)

Kurt's cardinal takeaways

Grubhub's confirmation puts an authoritative stamp connected what sources person warned astir for weeks. While the institution says delicate information was not affected, unanswered questions remain. As extortion-driven breaches rise, transparency and accelerated credential rotation substance much than ever. What stands retired astir is however past compromises proceed to make caller risks. When entree tokens unrecorded excessively long, attackers bash not request to interruption successful again. They simply locomotion backmost done an unfastened door.

If companies enactment quiescent aft breaches, however tin customers cognize erstwhile it is clip to support themselves? Let america cognize by penning to america at Cyberguy.com.

CLICK HERE TO DOWNLOAD THE FOX NEWS APP

Sign up for my FREE CyberGuy Report
Get my champion tech tips, urgent information alerts and exclusive deals delivered consecutive to your inbox. Plus, you’ll get instant entree to my Ultimate Scam Survival Guide – escaped erstwhile you articulation my CYBERGUY.COM newsletter.

Copyright 2026 CyberGuy.com. All rights reserved.