Data leak at the Gorillas delivery service: Millions of order data were available

[ad_1]
Over a million order details from 200,000 customers who ordered the Gorillas delivery service were publicly available. That is what the collective Zerforschung found out. The records contained the addressee’s name, telephone number, email address and physical address of the orders as well as the products ordered and the expiry date of the credit card, if this was used to pay. Research had already revealed a data leak at the delivery service Flink in March, here 3700 data records were affected. The collective was able to access an order query via a GraphQL API. This gap should be closed. Research had also proven a data gap for the Hamburg-based provider Bringoo. In the case of gorillas, research has according to its own information the gaps are documented and reported to the CERT-Bund. He checked them and sent them to gorillas. According to its own statement, the delivery service has now closed the gaps described and has also informed customers and suppliers who are also affected by the problem. “To the best of the company’s knowledge, no data has been stolen or otherwise misused”, is a quote from Gorillas on berlin.de, the home of the delivery company. GraphQL also played a role in the research of the collective with the Gorillas data leak. “In order to be able to access the inquiries about the orders, you need an access code (JSON Web Token)”, explains Zerforschung. Anyone who logs into the app receives an ID of this type. “In the expectation that we could use it to query our own data at most, we took our access ID from the app data traffic and entered it into our GraphQL client. And we actually got Data. Not just ours, but everyone. ” In the previous course of the research, the collective also saw photos of front doors and doorbell signs. The data that were exposed could form the basis for a perfidious attack scenario, explains Zerforschung. “We know the data of all customers, including their orders, and can write e-mails on behalf of gorillas.” For example, they could be tricked into paying a bill twice. “Since the domains gorlllas.io and goriilas.io are still free, even domains that look familiar could be used here for payment,” says the collective. Gorillas has twelve German cities as well as cities in the Netherlands, Great Britain and France as delivery areas. Buying from a range of 1000 products, Gorillas promises to deliver within ten minutes. It is rumored in financial circles that the start-up founded in Berlin in 2020 will be valued at one billion euros. (anw)
To home page
[ad_2]

Share:

Facebook
Twitter
Pinterest
LinkedIn

Leave a Reply

Related Posts

Marijuana Problem Chart

Marijuana Problem Chart Marijuana can affect people in different ways, both good and bad. It can make you feel relaxed, happy, and relieve pain because

Marijuana Dispensary Uxbridge Ma

Marijuana Dispensary Uxbridge Ma Looking for the best marijuana dispensary in Uxbridge, MA? Look no further than XYZ Dispensary! XYZ Dispensary is known for its

Marijuana Coffeeshop Zwolle

Marijuana Coffeeshop Zwolle Key Takeaways Uncover the wide variety of coffee spots in Zwolle, each with its own unique atmosphere and menu tailored to different

Md Marijuana Card Express

Md Marijuana Card Express Getting a medical marijuana card in Maryland is actually pretty simple. All you have to do is follow a few easy

Marijuana Jokes for Adults

Marijuana Jokes for Adults Marijuana jokes for grown-ups are like hitting a high-quality strain – they deliver just the right buzz when you need a

Best Marijuana Strains for Ptsd

Best Marijuana Strains for Ptsd Key Takeaways To effectively manage symptoms of PTSD, it is essential to recognize the specific requirements of individuals with this