Cyber: Hacker Mass-mails Hungerrush Extortion Emails To Restaurant Patrons

Customers of restaurants using the HungerRush point-of-sale (POS) platform say they received emails from a threat actor attempting to extort the company, warning that restaurant and customer data could be exposed if HungerRush fails to respond.

HungerRush is a restaurant technology provider that offers point-of-sale (POS), online ordering, delivery management, and payment processing software to help restaurants manage orders, customer information, and business operations.

The company claims to work with over 16,000 restaurants, including Sbarro, Jet's Pizza, Fajita Pete's, Hungry Howie's, and many more.

The attacker started sending the emails early Wednesday morning, with multiple recipients sharing samples with BleepingComputer.

The first email was sent from [email protected], prompting HungerRush to stop ignoring their extortion emails or it would put customer data at risk.

"You cannot ignore all my requests and expect me not to take malicious actions. You still have time," reads the email.

"Every restaurant and customer of said restaurants' data which is in the millions is in jeopardy here and I can't even get a response back. Not to worry, there's still time left."

A second email, sent three hours later from "[email protected]," escalates the threat, claiming that the attacker has access to data records for millions of customers that contain names, emails, passwords, addresses, phone numbers, dates of birth, and credit card information.

BleepingComputer's analysis of the email headers shows they were delivered using Twilio SendGrid, which customers have told BleepingComputer was previously used to send HungerRush restaurant receipts.

The emails were sent from o10.e.hungerrush.com (159.183.129.119), which resolves to infrastructure operated by Twilio SendGrid, a platform commonly used by companies to send transactional and marketing emails.

Source: BleepingComputer