_Agata_Gładykowska_Alamy.jpg?#)
GrubHub got hacked. Go change your password!
A data breach counter feels too grim to start, given how last year went—but you can add another tally mark for 2025. On Monday, GrubHub disclosed its discovery of unauthorized access to customer contact information and payment info. Described as “recently identified” in the company’s announcement, the food delivery service says names, email addresses, and phone numbers were accessed for customers affiliated with its campus dining program, as well as customers, drivers, and merchants who had communicated with customer service. The leaked data also included the type of credit card and the last four card digits for some campus diners. Additionally, the hacker accessed hashed passwords for “certain legacy systems.” GrubHub says it has already preemptively rotated affected passwords, and that sensitive personal information was not accessed (e.g., customer passwords for GrubHub Marketplace, bank account info, driver’s licenses, and social security numbers). The hack happened through a third-party service account tied to GrubHub’s customer service. It has since been removed, along with the service provider, from the company’s systems. For most GrubHub customers, changing your password won’t be strictly necessary, but it’s a good precaution anyway, particularly if you have a weak password. Forensic work isn’t an exact science, and sometimes additional compromised information can be later discovered. Our favorite password manager Dashlane Read our review Best Prices Today: $4.99 at Dashlane If you already have a password manager, upgrading or swapping a password takes just a few minutes. And if you aren’t already using one, now’s a good time to start. It’ll handle everything, from generating unique, strong passwords to filling in login forms with your credentials for you. Security doesn’t have to be hard. Further reading: I refused to use a password manager for years. Now I swear by them Bonus move: Removing credit card information from your account if you don’t use it often. If you do, consider switching to a virtual credit card number, if your bank offers that kind of service. But you know what password managers can also store? Your credit card info. That way those details stay only in one, secure spot, rather than spread across the web.
A data breach counter feels too grim to start, given how last year went—but you can add another tally mark for 2025. On Monday, GrubHub disclosed its discovery of unauthorized access to customer contact information and payment info.
Described as “recently identified” in the company’s announcement, the food delivery service says names, email addresses, and phone numbers were accessed for customers affiliated with its campus dining program, as well as customers, drivers, and merchants who had communicated with customer service. The leaked data also included the type of credit card and the last four card digits for some campus diners.
Additionally, the hacker accessed hashed passwords for “certain legacy systems.” GrubHub says it has already preemptively rotated affected passwords, and that sensitive personal information was not accessed (e.g., customer passwords for GrubHub Marketplace, bank account info, driver’s licenses, and social security numbers).
The hack happened through a third-party service account tied to GrubHub’s customer service. It has since been removed, along with the service provider, from the company’s systems.
For most GrubHub customers, changing your password won’t be strictly necessary, but it’s a good precaution anyway, particularly if you have a weak password. Forensic work isn’t an exact science, and sometimes additional compromised information can be later discovered.
If you already have a password manager, upgrading or swapping a password takes just a few minutes. And if you aren’t already using one, now’s a good time to start. It’ll handle everything, from generating unique, strong passwords to filling in login forms with your credentials for you. Security doesn’t have to be hard.
Further reading: I refused to use a password manager for years. Now I swear by them
Bonus move: Removing credit card information from your account if you don’t use it often. If you do, consider switching to a virtual credit card number, if your bank offers that kind of service. But you know what password managers can also store? Your credit card info. That way those details stay only in one, secure spot, rather than spread across the web.
