A cybercriminal has managed to access Glovo systems and data belonging to both users and delivery riders of the Spanish company. The attacker got in through an outdated administration panel and, as Forbes reported exclusively, was selling access to compromised customer and rider accounts, with the ability to change their passwords.
Glovo has said that it is investigating the incident, which it detected on April 29, and that it can confirm that "no customer card data was accessed," since it does not save or store that information, as explained in a statement sent to Webedia.
Glovo says that no bank card data was accessed and that it has taken measures to block access by unauthorized third parties.
The breach has reportedly been fixed
Alex Holden, Chief Technology Officer and founder of Hold Security, a company dedicated among other things to tracking the activity of cybercriminals, alerted Forbes to this unauthorized intrusion into Glovo's servers after finding the evidence a hacker had provided to demonstrate the access.
Specifically, the researcher was able to see screenshots and videos in which the attacker showed how they had accessed the computers used by the Spanish company to manage the accounts of its customers and delivery people. Glovo was notified of this incident on Thursday, after one of the platform's users confirmed that he belonged to it.
The Spanish Agency for Data Protection has already been notified about the unauthorized access to the Glovo platform.
"As soon as we discovered this suspicious activity, we took immediate measures to block access by unauthorized third parties and put additional measures in place to secure our platform," explained officials from the delivery company.
Glovo has also informed the Spanish Agency for Data Protection, as required by the European Union's General Data Protection Regulation, and says it will provide the agency with all the information it needs for the investigation. "At Glovo we take data security very seriously and we apologize for the concern and inconvenience that what happened may have caused," the company says.