HungerRush, a cloud-based point-of-sale platform catering to pizza and fast-casual chains, is reportedly the victim of a significant data breach. A threat actor on a cybercrime forum is currently advertising a database for sale that claims to hold sensitive records for more than 28 million customers and restaurant entities.

The reported breach of HungerRush highlights a growing trend of cyberattacks targeting third-party service providers that manage vast amounts of consumer data. By centralizing operations for thousands of restaurant locations, these cloud-based platforms become high-value targets for hackers looking to acquire massive datasets in a single hit. In this specific instance, the seller on the underground forum is seeking a one-time buyer for the entire collection, which suggests the information is fresh and potentially highly profitable for identity theft or targeted phishing campaigns.

A deep dive into the advertised data reveals a troubling level of detail regarding both the businesses and their patrons. For individual customers, the leaked records allegedly include full names, physical home addresses, phone numbers, and email addresses. This combination of personally identifiable information is particularly dangerous as it provides bad actors with the necessary tools to bypass security questions or craft convincing scams that appear to come from legitimate restaurant brands.

The exposure is not limited to customers, as business owners and the restaurants themselves are also heavily impacted. The database reportedly contains internal business details such as owner names, restaurant descriptions, and specialized contact information like Twilio phone numbers and fax lines. Furthermore, technical data including domain names, URLs for ordering systems, and survey links have been listed, which could allow attackers to map out the digital infrastructure of these businesses for further exploitation.

Beyond basic contact info, the presence of internal system markers makes this incident even more concerning for the affected brands. The data includes internal identifiers and system timestamps that show exactly when records were created or modified. This level of technical metadata can help criminals understand how the HungerRush backend is structured, potentially leading to more sophisticated attacks against the platform's integrity or the individual restaurants that rely on it for daily transactions.

As the situation unfolds, both restaurant operators and frequent diners of fast-casual chains are advised to remain vigilant. With email addresses and phone numbers out in the open, there is a high likelihood of an uptick in fraudulent communications. While HungerRush has not yet provided a full public accounting of the claims made on the cybercrime forum, the sheer volume of 28 million records serves as a stark reminder of the vulnerabilities inherent in modern, interconnected retail technology.

Source: HungerRush Data Breach Allegedly Exposes Personal Info Of 28 Million Users