Chowbus user data breach (email, name, phone, address) with 800k rows

[abcdabcd987]

Email sent to all users via Chowbus Sendgrid. Link to anonymousfiles.io. Two CSVs, restaurants and users.

  $ head -n 1 users_y1KGkRi.csv
  "email","first_name","last_name","phone_number","address_1","address_2","city","state","zip_code"
  $ wc -l users_y1KGkRi.csv
  803354 users_y1KGkRi.csv
  $ cat users_y1KGkRi.csv | cut -d "," -f 1 | sort | uniq | wc -l
  444218

  $ head -n 1 restaurants_KmHZSPi.csv 
  "name","foreign_name","phone_number","commission_rate","address_1","address_2","city","state","zip_code"
  $ wc -l restaurants_KmHZSPi.csv
    4301 restaurants_KmHZSPi.csv

[H12]

I got a similar email and contacted Chowbus about it. Here was their reply:

Thank you for bringing this to our attention. As soon as we became aware of this incident, our security team quickly took steps to secure our systems, including our customers’ account information. The link from the email is already disabled. Your credit card information does not exist in our systems. Any credit card information and transaction is processed by Stripe, a secure 3rd party payment processor. We are confident your credit card information is safe.

[jka]

Although you might have done already, it'd be worth contacting Chowbus to report this. There's an email contact in the footer of their homepage; I couldn't initially find a security-related contact address, but they may have one too.

[FandangoRanger]

I used to be a person but then I became a consumer and now I've become a row.

[iordachej]

Hey fellow. Row 54 here

[rvz]

Complete disaster.

[0009427807]

Jarvis