Data Security, Patch/Configuration Management
Misconfiguration leaks GonnaOrder data

Major European food delivery platform GonnaOrder had real-time order information from thousands of its customers inadvertently exposed by a Kafka Broker instance that had been unsecured since August 2022, reports Cybernews.
Most of the exposed data, including orders, phone numbers, ordered locations, delivery notes, and payment details, were from customers in the UK, Belgium, Greece, and the Netherlands, according to Cybernews researchers. While Kafka could not be leveraged for massive data storage, attackers could compromise the misconfigured instance with a "collector" to facilitate prolonged data scraping activities, noted researchers. "Throughout the whole time the exposed instance was open, malicious actors could have obtained millions of customers' data, including names, phone numbers, home addresses, as well as order details, which can often contain private info such as access codes to enter the building," said researchers, who warned of potential exploitation of the leaked data even after GonnaOrder moved to secure the instance late last month.