Sensitive Data Compromised in Breach for 1+ Million Customers Using Food Delivery Service

DESCRIPTION

Weee! is a food delivery service headquartered in Fremont, California. The company delivers food across 48 states and claims to be the largest Asian and Hispanic food delivery service in North America. Weee! has more than 1,500 employees and is valued at over $4 billion. The company announced on its website that it suffered a data breach in February of 2023 that compromised the information of customers who placed an order between July 12, 2021, and July 12, 2022. The exposed information included name, address, email address, phone number and order number. Other data included the device type used to place the order and delivery notes provided by customers, such as access codes needed to enter residential buildings and businesses. Weee! has made it clear that no financial information was accessed in the attack, as this information does not reside within the compromised database.

IDENTIFY INDICATORS OF COMPROMISE (IOC)

On February 6, 2023, a threat actor named IntelBroker began leaking data exfiltrated from Weee! on a hacking and data breach forum site. Weee! was then contacted, and the company confirmed to BleepingComputer that the posted customer information was real and that a breach had occurred. While more than 11 million order records were stolen in the breach, there were only 1.1 million unique email addresses, meaning many of the orders were placed by the same customers during that time frame.

CONTAINMENT (If IoCs are identified)

Weee! has stated that it is reviewing the security measures it has in place, and that customers whose information was compromised will be contacted individually. No additional information is available at present.

PREVENTION

We can only speculate how the threat actors were able to infiltrate the Weee! network and access information from their database. Some of the possible attack methodologies include the following:

  • Phishing attacks remain the most prominent attack delivery method, as threat actors attempt to trick an email user into giving away some type of sensitive information, such as privileged logon credentials. Phishing is also used to deliver malware through a malicious attachment that the user is lured into opening.
  • Ransomware attacks are multifaceted today in that the attacker exfiltrates a company’s data before encrypting it, thus giving them two extortion threats.
  • SQL injection attacks involve an attacker inserting malicious code into an application's SQL query to manipulate the application's database.
  • Zero-day exploits take advantage of software vulnerabilities that have not yet been patched by the software vendor.
  • Social engineering is used to coax an employee into providing privileged information that can be used in an attack. An example could be an attacker posing as a support technician requesting access information either in person or over the phone.

There are many attack avenues that can be used in a data breach. That’s why it is so important to conduct a security risk assessment of your organization to determine what those potential vulnerabilities are and what critical assets may be exposed to them. Only then can you create a comprehensive cybersecurity strategy that will fulfill your duty of care to protect the sensitive data of other parties. Let’s discuss how you can establish reasonable security to address your changing risk landscape.