Home / Crime and Justice / Grubhub Hacked: Data Stolen in Salesloft Breach Fallout
Grubhub Hacked: Data Stolen in Salesloft Breach Fallout
16 Jan
Summary
- Grubhub confirmed unauthorized access to certain systems.
- The ShinyHunters group is allegedly behind the attack.
- This breach is linked to the broader Salesloft security incident.
Grubhub, a prominent US food delivery service, has become the latest victim in a series of data breaches stemming from the Salesloft security incident. The company confirmed that unauthorized individuals accessed certain Grubhub systems, leading to data exfiltration. While Grubhub asserts that sensitive financial information and order history were not affected, the full scope of the downloaded data is still under investigation.
Sources familiar with the matter point to the ShinyHunters ransomware group as the perpetrators, who are allegedly demanding a bitcoin ransom to prevent the leak of Salesforce and Zendesk data on the dark web. The Grubhub breach is understood to have occurred after login credentials and secrets were compromised through the Salesloft Drift attacks, which began in August 2025. This incident has already impacted at least 31 organizations globally.
Authorities have been alerted to the Grubhub breach, and external cybersecurity professionals have been engaged to aid in the ongoing investigation. The Salesloft incident, which involved the theft of OAuth tokens for Salesloft's Salesforce integration, has had far-reaching consequences, affecting numerous businesses worldwide and highlighting the interconnected risks in the digital supply chain.
