Misconfiguration leaks GonnaOrder data

Major European food delivery platform GonnaOrder had real-time order information from thousands of its customers inadvertently exposed by a Kafka broker instance that had been unsecured since August 2022, reports Cybernews.

Most of the exposed data, including orders, phone numbers, ordered locations, delivery notes, and payment details, were from customers in the UK, Belgium, Greece, and the Netherlands, according to Cybernews researchers. While Kafka could not be leveraged for massive data storage, attackers could compromise the misconfigured instance with a "collector" to facilitate prolonged data scraping activities, noted researchers. "Throughout the whole time the exposed instance was open, malicious actors could have obtained millions of customers' data, including names, phone numbers, home addresses, as well as order details, which can often contain private info such as access codes to enter the building," said researchers, who warned of potential exploitation of the leaked data even after GonnaOrder moved to secure the instance late last month.