The credentials of clients and distributors of the platform Glovo in Spain they have appeared for sale on the Internet, as a result of a security breach that the company is currently investigating.
Unauthorized third-party actors accessed Glovo’s systems through the interface of a old admin panel. From there they managed to obtain a database with the credentials of the customer and delivery accounts.
The information was put up for sale on the ‘dark web’, where it was found by the Head of Technology and founder of Hold Security, Alex Holden, who reported this event to Forbes. The shared videos and screenshots showing the access to the administration of the accounts of Glovo.
Glovo was notified of this breach last Thursday and a day later it blocked access to the affected system. This Monday, May 3, he confirmed the ‘hack’ and the solution of the security problem.
“On April 29 we detected unauthorized access by a third party to one of our systems,” he acknowledged Glovo in a statement sent to Europa Press, in which it confirms that the access took place through an old interface of the administration panel.
«As soon as we were aware, we took action immediately, blocking unauthorized third party access and implementing additional measures to protect our platform ”, the company assured.
However, and according to the aforementioned medium, the data of users and distributors were still for sale on the Internet, with the potential to modify the password of the accounts.
The company has confirmed that no credit card data of its customers was accessed, since this information is not stored, and has also assured that it is investigating what happened and that it has contacted the Spanish Agency for Data Protection.