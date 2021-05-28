Following the cyberattack on Glovo that took place a few weeks ago, hackers who have put the customer database up for sale claim that the stolen information includes credit cards.

At the end of last April, Glovo was the victim of a cyberattack that allowed hackers to have access to the personal data of customers and workers. The Barcelona-based home delivery company confirmed that it had been hacked, but initially the theft of data from payment methods was ruled out.

However, it finally appears that the attackers did have access to the clients’ financial information. Law of the Network reports that hackers who have put Glovo’s stolen database up for sale on the Dark Web they claim that the customer’s credit or debit card number is included in the file.

Alex Holde, founder of Hold Security, was in charge of raising the alarm a few weeks ago about the Glovo hack. The researcher came across a video in which the attackers showed off how they accessed the computers used to manage Glovo accounts. Holde informed the company, which explained that the hackers were able to access it through an old admin panel interface.

At the time the security breach was discovered, its magnitude was unknown, but we now know that it is far more worrisome than it first appeared. After a scaled-down version of the database with a size of 180GB was for sale, attackers now market what appears to be the full database.

Specific, the file that is sold on the Dark Web to the highest bidder contains 480 GB of personal data of Glovo users, where the following information for each person is included: Name and surname, email, address, date of birth, passwords (SHA-256), ID, bank accounts and credit or debit card details registered in the application. Furthermore, the vendor ensures that the database also includes administrator accounts with hacked passwords (SHA1).

If you are a Glovo user, the first thing you have to do is change your password as soon as possible, in case you didn’t do it a few weeks ago when the hack was detected. In addition, since the attackers claim that they have the bank card data in their possession, keep an eye on your movements to make sure there is no unexpected charge.