from Hacker News

Chowbus user data breach (email, name, phone, address) with 800k rows

by abcdabcd987 on 10/5/20, 7:48 AM with 6 comments

  $ head -n 1 users_y1KGkRi.csv
  "email","first_name","last_name","phone_number","address_1","address_2","city","state","zip_code"
  $ wc -l users_y1KGkRi.csv
  803354 users_y1KGkRi.csv
  $ cat users_y1KGkRi.csv | cut -d "," -f 1 | sort | uniq | wc -l
  444218

  $ head -n 1 restaurants_KmHZSPi.csv 
  "name","foreign_name","phone_number","commission_rate","address_1","address_2","city","state","zip_code"
  $ wc -l restaurants_KmHZSPi.csv
    4301 restaurants_KmHZSPi.csv

• by H12 on 10/5/20, 3:32 PM

  I got a similar email and contacted Chowbus about it. Here was their reply:

  Thank you for bringing this to our attention. As soon as we became aware of this incident, our security team quickly took steps to secure our systems, including our customers’ account information. The link from the email is already disabled. Your credit card information does not exist in our systems. Any credit card information and transaction is processed by Stripe, a secure 3rd party payment processor. We are confident your credit card information is safe.

• by jka on 10/5/20, 9:53 AM

  Although you might have done already, it'd be worth contacting Chowbus to report this. There's an email contact in the footer of their homepage; I couldn't initially find a security-related contact address, but they may have one too.

• by FandangoRanger on 10/5/20, 9:12 PM

  I used to be a person but then I became a consumer and now I've become a row.

• by rvz on 10/5/20, 8:18 AM

  Complete disaster.

• by 0009427807 on 10/6/20, 8:48 AM

  Jarvis