Food delivery platform Grubhub has confirmed a recent data breach involving unauthorized access and extortion demands from cybercriminals. The incident may be connected to previous breaches and scams involving stolen Salesforce and Zendesk data. #ShinyHunters #SalesforceBreach
Keypoints
- Cybercriminal group ShinyHunters is allegedly extorting Grubhub with Bitcoin demands.
- The breach involved stolen credentials from the recent Salesforce and Salesloft Drift attacks.
- Grubhub has engaged a cybersecurity firm and notified law enforcement about the incident.
- Previous incidents include scam emails and potential connections to the current breach.
- Organizations should promptly rotate affected access tokens and secrets to prevent follow-up attacks.