Name, address, orders: all of this data from Gorillas customers was accessible for a time. Other delivery services apparently also fail to protect their customer data adequately.
The 10-minute delivery service Gorillas apparently had a massive security problem: more than a million records from more than 200,000 customers are said to have been accessible on the internet. The data leak was discovered by the IT collective Zerforschung, a group of security researchers. The group then informed the Federal Office for Information Security as well as NDR and RBB, which were the first to report on it.
Name, telephone number, email address and home address: according to the collective, this information was accessible for a time. The orders themselves were also visible: did someone order rice, chocolate, schnapps or condoms? In some cases, house entrances or doorbell nameplates were also photographed to confirm the delivery, the collective writes.
Security gap now closed
Gorillas confirmed the data leak to NDR and RBB. The food startup informed the affected customers by email on Thursday and has closed the security gap. “Before this event, we were unable to detect any unusual activity and are therefore assuming that customer data has not been accessed,” the company says. The competent authorities have already been informed.
Other providers also struggle with such security problems: only at the beginning of March did the Berlin company Flink become aware of a security gap. Here, too, it was the Zerforschung collective that discovered it.
Gorillas started less than a year ago and has seen insane growth since then: with its last round of funding, the startup joined the club of unicorns, the companies valued at more than a billion dollars. The fast-delivery food business is hotly contested: now the Turkish supplier Getir, the model for Gorillas founder Kagan Sümer, wants to come to Berlin, as Gründerszene has found.