“We can confirm that no access was gained to client card data, as Glovo does not save or store such information,” the company said, per Reuters.
The hacker got access to the system Thursday (April 29) through an old administrator platform, according to Reuters. But the hacker was ejected as soon as they were detected.
The information was reported earlier by cybersecurity firm Hold Security, which said it found the breach and that the hacker was selling login credentials for customer and courier accounts, with the ability to change peoples’ passwords as well, Reuters reported.
The attack comes less than a month after Glovo raised 450 million euros (about $541 million) in funding, led by Lugard Road Capital and the Luxor Capital Group with participation from returning investors Delivery Hero, Drake Enterprises and GP Bullhound. With the new infusion of funds, the company planned to “double down” on its current markets, PYMNTS reported.
Glovo Co-Founder and CEO Oscar Pierre said the funds would be used to boost the company’s leadership in key positions, growing its quick commerce (Q-Commerce) division and expanding the company’s multi-category offering.
The company was riding a wave of interest in delivery services spurred by the pandemic’s rush of people staying home more often, according to Reuters. These types of platforms have been in the spotlight and spurred regulators and government officials to more readily address the working conditions and privacy issues in the gig economy.
Last year, a Spanish court ruled that Glovo workers were employees rather than gig workers, Reuters reported. And the government has been working on legislation to give unions access to the algorithms used by tech companies to manage the workforce.