As initially reported by BleepingComputer, Grubhub has confirmed its data was stolen by hackers. 

“We’re aware of unauthorized individuals who recently downloaded data from certain Grubhub systems,” BleepingComputer was informed by the organization. “We quickly investigated, stopped the activity, and are taking steps to further increase our security posture. Sensitive information, such as financial information or order history, was not affected.” 

The specifics of incident remain unclear, including when the hacking itself occurred. It is unknown if the organization is currently being extorted or if customer data is involved. As of current reports, Grubhub has not responded to further inquiries. 

Grubhub was previously linked to a malicious email campaign that included a scam cryptocurrency promotion, promising high returns on Bitcoin payments. At the time, the organization stated the issue had been contained. No further questions were answered on the subject, and it is unclear if that scam is related to this most recent hacking. 

According to BleepingComputer, multiple sources have claimed the cybercrime group known as ShinyHunters is extorting the company. This claim has not currently been confirmed by the threat actors themselves. 

ShinyHunters recently made headlines after the hacking of BreachForums — a cybercrime forum — revealed the identities of multiple cybercriminals.