EST 2:00, October 5th; Chowbus, a well-known U.S. food delivery platform is facing a large-scale user information leakage crisis.
Many Chowbus users claimed that they received an e-mail from no-reply@chowbus.com with the title of Chowbus data, the content was founded to contain the words “download Chowbus data here” and two links: “restaurants” and “users”.
Shockingly, it is just two-link-clicking away to download two CSV forms which contain more than 4,300 restaurant information (including their names, addresses, phone numbers, and restaurant commission rates) and 803,350 rows of user information data. They are including user names, personal phone numbers and addresses, it is reported that the information leakage of Chowbus users is severely hitting Chinese students in Chicago, New York, Boston, Philadelphia, Seattle.
As an U.S. food delivery platform, Chinese students is the majority user on Chowbus and they confirmed their personal information from those CSV forms. Moreover, people even posted the personal information of Ouyang Nana (a Chinese celebrity) retrieved from the those leaking forms, and Chowbus user on Douban team also confirmed the facticity.
At present, Chowbus officials have responded on Twitter, acknowledging that Chowbus did leak the user information, However, they insisted that “Chowbus payment is processed through a third party, and we are confident to say the user’s payment information has not been leaked.”
So far, Chowbus has only admitted the information leakage, but they still have not explained the reason for it. It has been becoming the hitting topic on Reddit that people speculated that Chowbus company management is likely to be in troubles and the source of information leakage may be the Chowbus’s internal employees.
It has been a big reminder for international students who used or still using Chowbus to pay more attention on protecting their personal information even the leakage is just about phone numbers or addresses. Moreover, When customer request to disable their accounts, their personal information such as address and phone number is not removed by Chowbus. Instead, their information leaked in the .cvs file is only labeled with “disabled” plus a time stamp. Hence, the information of Chowbus users has been already leaked to the Internet and It is crucial to change the account password, unbind the credit card, uninstall the Chowbus App and contact the police immediately if any suspicious transactions happen.
The impact of information leakage of Chowbus is still spreading, the users are even more concerning about they will be harassed through those information since most of them are international students. It is reported that the fraud cases related to international students are booming each year. Protecting user’s information has been becoming the great standard to measure business integrity for all Internet platforms.
Students who need to check whether their information was leaked from Chowbus, please visit: www.haveibeenpwned.com. then enter your usual email address to know if you are affected. Students who have been affected should refer to this article to check the leaked personal information on the Internet and request removal of the information: here.
(Syndicated press content is neither written, edited or verified by ED Times)
