Data breach exposes details of over 3.5 million FreshMenu customers

Bengaluru-based food delivery service platform FreshMenu, founded in 2014 and known for pioneering the cloud kitchen model in India, has recently faced a significant data breach. More than 3.5 million order details, including sensitive customer information such as phone numbers, emails, names, billing and shipping addresses, and IP addresses, were reportedly exposed in the incident.

FreshMenu, an early adopter of the cloud kitchen model, began doorstep food delivery at a time when such services were still novel to internet users in the country. Notably, industry giants like Zomato and Swiggy entered the food delivery scene after FreshMenu's inception. Zomato, founded in 2010, only ventured into food delivery in mid-2015, while Swiggy, founded in August 2014, started operations around the same time as FreshMenu.

In terms of financial backing, FreshMenu raised Rs 50 crore (about $6.4 million), led by Florintree Advisors. The funds were utilised to expand its kitchen footprint and introduce new brands.

As per latest available information, FreshMenu processes over 8,000 orders daily across four cities — Bengaluru, Delhi, Gurgaon, and Mumbai. The startup derived approximately 85 per cent of its revenue from meal delivery aggregators like Swiggy and Zomato, with the remaining 15 per cent coming from its direct-to-consumer service.

The recent data breach, uncovered by the Cybernews research team, revealed that a 26 GB MongoDB database containing customer information was left unprotected, allowing public access.

Though the breach was brought to FreshMenu's attention on 14 December 2023, no response was received. The database has since been secured, but FreshMenu remains silent on the matter, refraining from providing comments or acknowledgment.

The compromised data poses serious risks, including identity theft, phishing attacks, and targeted scams. This incident further highlights the pressing need for companies to fortify the protection of sensitive information, especially in an era marked by swift technological advancements and growing concerns over data security.