On April 29, 2021 hackers made unauthorized access to user administration systems at Glovo, a Spanish Amazon competitor valued at $2 billion. While the startup announced the data breach and claims to have fixed the vulnerability used to exploit their systems, the security community remains concerned that the responsible hackers are still actively selling the extracted data. Glovo maintains no user credit card data was exposed, as they do not store such information; however, reports suggest that International Bank Account Numbers (IBAN) and tax ID numbers were exposed in this breach.
Holden told Forbes he was concerned that as of Monday the hacker was still promising buyers access to Glovo systems and data, and that the information appeared to be unencrypted to any outsider who could break in. He also raised concerns that couriers’ IBAN numbers and tax ID numbers were exposed.