Food delivery service Grubhub has acknowledged a recent security breach after unauthorized individuals accessed certain areas of its internal systems.

This announcement follows reports to BleepingComputer indicating that the company is currently facing extortion threats regarding the illicitly obtained data.

In a communication to BleepingComputer, Grubhub stated it quickly identified and terminated the unauthorized activity.

"We are aware that unauthorized persons have recently acquired data from specific Grubhub systems," the firm remarked. "We swiftly investigated, halted the activity, and are implementing measures to enhance our security framework."

Grubhub further stated that sensitive data such as financial records or order histories remained unaffected. However, the organization declined to specify when the breach took place, whether customer data was compromised, or if extortion activities are currently ongoing.

Sign up for my FREE CyberGuy Report

Receive my best technology advice, urgent security notifications, and exclusive promotions directly in your inbox. Additionally, gain instant access to my Ultimate Scam Survival Guide for free when you subscribe to my CYBERGUY.COM newsletter.

RANSOMWARE ATTACK EXPOSES SOCIAL SECURITY NUMBERS AT MAJOR PETROLEUM RETAILER

Grubhub verified a data breach after unauthorized individuals penetrated parts of its internal frameworks, leading to an investigation and enhanced security protocols. (Michael Nagle/Bloomberg via Getty Images)

While the specifics remain sparse, Grubhub affirmed several critical details. It engaged a third-party cybersecurity firm and alerted law enforcement. Beyond this, the company has largely refrained from comment. This information vacuum has sparked concern, particularly in light of Grubhub's recent security-related issues. Just last month, the company was connected to fraudulent emails sent from its own b.grubhub.com subdomain, promoting a cryptocurrency scheme that claimed significant returns on Bitcoin investments. Grubhub indicated it managed to contain the situation and obstruct further unauthorized communications. It did not clarify any potential links between these two incidents.

Multiple sources reported to BleepingComputer that the ShinyHunters hacking group is responsible for the extortion effort. The group has not made any public statements regarding the allegations and did not respond to inquiries. Sources indicate the attackers are seeking a Bitcoin ransom to avert the publication of stolen information. That information purportedly includes older Salesforce records from a breach in February 2025 and more recent Zendesk data captured during the latest infiltration. Grubhub utilizes Zendesk for its online customer support operations, which handle order inquiries, account access, and billing concerns, making it an attractive target for cybercriminals.

Investigators suspect the breach may be associated with credentials acquired during past Salesloft Drift assaults. In August 2025, threat actors exploited stolen OAuth tokens from Salesloft's Salesforce integration, gaining access to sensitive systems over a ten-day span. A report from the Google Threat Intelligence Group, also referred to as Mandiant, noted that those attackers leveraged the stolen information to initiate subsequent attacks across various platforms. "GTIG observed UNC6395 targeting sensitive credentials such as AWS access keys, passwords, and Snowflake-related access tokens," Google reported. ShinyHunters previously took responsibility for that campaign, claiming it stole approximately 1.5 billion records from Salesforce environments belonging to hundreds of businesses.

Even though payment details and order histories were not compromised, customer support systems often retain personal information. Names, email addresses, and account notes can facilitate phishing attempts or identity fraud. Notably, this incident underscores how older breaches can continue to inflict harm long after the initial event. Stolen credentials that remain unchanged represent a critical entry point for cybercriminals.

If you utilize Grubhub or any online delivery platform, some proactive measures can mitigate your risk following a breach.

Begin by changing your Grubhub password immediately. Ensure you do not use that password on any other sites, as reused passwords provide attackers an easy route into additional accounts. A password manager can assist here by generating strong, unique logins and securely storing them, sparing you the need to memorize every single one.

Next, check if your email has been involved in previous data breaches. Our top recommended password manager has a built-in breach scanner that verifies whether your email address or passwords have appeared in known leaks. If you identify a match, promptly change any reused passwords and secure those accounts with new, unique credentials.

Explore the top expert-reviewed password managers of 2026 at Cyberguy.com.

ILLINOIS DHS DATA BREACH EXPOSES 700K RESIDENTS' RECORDS

The food delivery service claims it rapidly terminated the intrusion but has not revealed when the breach took place or if customers were specifically targeted. (Leonardo Munoz/VIEWpress)

If two-factor authentication (2FA) is available, activate it. This adds an extra layer when signing in, such as a code sent to your phone or app. Even if a hacker obtains your password, two-factor authentication can fend them off from accessing your account.

Be vigilant for emails or messages regarding orders, refunds, or support inquiries. Attackers frequently exploit stolen support information to create a sense of urgency and authenticity in their communications. Avoid clicking links or opening attachments unless you are certain of their legitimacy. Robust antivirus software can also block harmful links and downloads before they can inflict damage.

The most effective way to protect yourself from malicious links that could install malware and potentially expose your private information is by ensuring you have strong antivirus software across all your devices. This protective measure can also notify you about phishing emails and ransomware attempts, safeguarding your personal information and digital assets.

Discover my choices for the best antivirus solutions of 2026 suitable for your Windows, Mac, Android, and iOS devices at Cyberguy.com.

Consider enlisting a data removal service to minimize your online presence. These services assist in erasing your personal details from data broker sites often exploited by attackers to construct profiles. Less exposed information translates to fewer opportunities for scammers to take advantage of.

While no service can ensure total removal of your data from the internet, a data removal service is indeed a wise decision. Though not inexpensive, your privacy is invaluable. These services handle the heavy lifting by actively monitoring and systematically eliminating your personal information from numerous websites. This approach offers peace of mind and has proven effective for erasing personal data from the internet. By restricting the available information, you lessen the likelihood of scammers cross-referencing breached data with information they might uncover on the dark web, complicating their attempts to target you.

Explore my leading recommendations for data removal services and receive a free scan to determine if your personal information is already present online by visiting Cyberguy.com.

Get a free scan to ascertain if your personal information is currently visible on the web: Cyberguy.com.

Be cautious of any cryptocurrency offers associated with familiar brands. Grubhub has previously been implicated in scam emails promoting crypto ventures, highlighting how frequently attackers exploit reputable names. Authentic companies do not guarantee quick returns or exert pressure for immediate action.

Review your Grubhub account for any suspicious activity. Watch for unexpected password reset requests, order confirmations, or support communications you did not initiate. Cybercriminals often discreetly test stolen credentials before advancing to more significant actions.

Your email account is crucial for password resets. Change that password and enable two-factor authentication if you haven't already. If attackers gain control of your email, they can regain access even after you modify other passwords.

Breach data is commonly reused weeks or months later. Phishing attempts may surface long after the initial reports subside. Approach any future messages purporting to reference Grubhub support, refunds, or account problems with heightened vigilance.

These precautions may not reverse a breach, but they can help limit how attackers exploit stolen information and lower your risk in the future.

FIBER BROADBAND GIANT INVESTIGATES BREACH AFFECTING 1M USERS

Sources inform BleepingComputer that the Grubhub breach is linked to extortion demands involving allegedly stolen customer support data. (Gabby Jones/Bloomberg via Getty Images)

Grubhub's affirmation provides an official acknowledgment of what sources have been cautioning about for weeks. While the firm claims sensitive data was not compromised, lingering questions remain. As extortion-driven breaches become more prevalent, transparency and prompt credential updates are becoming increasingly vital. Notably, older compromises continue to pose renewed threats. When access tokens exist for too long, attackers do not need to force their way back in; they can simply walk through an unsecured entrance.

If companies remain silent following breaches, how are customers expected to know when it's necessary to take protective measures? Reach out to us via Cyberguy.com.

CLICK HERE TO DOWNLOAD THE FOX NEWS APP

Sign up for my FREE CyberGuy Report

Receive my best tech advice, urgent security notifications, and exclusive promotions straight to your inbox. You will also gain immediate access to my Ultimate Scam Survival Guide for free when you subscribe to my CYBERGUY.COM newsletter.

Copyright 2026 CyberGuy.com. All rights reserved.

Kurt "CyberGuy" Knutsson is an award-winning technology journalist who possesses a profound passion for technology, tools, and gadgets that enhance life, contributing to Fox News & FOX Business each morning on "FOX & Friends." Have a tech inquiry? Subscribe to Kurt’s free CyberGuy Newsletter, share your thoughts, story ideas, or feedback at CyberGuy.com.