A threat actor sent extortion emails to customers of restaurants using the HungerRush POS platform, claiming access to millions of customer records and threatening to expose data if demands were not met. HungerRush says the actor used a third‑party vendor’s compromised credentials to access its email marketing service, has disabled the affected account, notified law enforcement, and disputes that sensitive financial or personal data were exposed. #HungerRush #TwilioSendGrid
Keypoints
- Extortion emails were sent to restaurant patrons claiming millions of customer records were at risk.
- The messages were delivered via Twilio SendGrid infrastructure and passed SPF, DKIM, and DMARC checks for hungerrush.com.
- HungerRush reports the attacker used compromised credentials for a third‑party email marketing account to access customer contact information.
- The company disabled access to the affected email service, notified law enforcement, and says there is no evidence that payment card data or other sensitive personal data was exposed.
- An earlier infostealer infection of an employee device was reported by researchers, but HungerRush says that incident is not linked and the relationship remains unclear; customers should watch for phishing and SMS scams.