Foodora security breach may affect customers in Finland

The delivery firm's database hack is estimated to affect around 727,000 people across 14 countries.

File photo of a Foodora meal courier. Image: Ralph Peters / AOP

A data breach at online restaurant delivery service Foodora which revealed personal details linked to hundreds of thousands of accounts across 14 countries may also affect the company's customers in Finland, according to media reports.

Earlier this week, Foodora's parent company Delivery Hero confirmed the breach affecting around 727,000 customers, according to online magazine Infosecurity (siirryt toiseen palveluun). The leaked information included customer names, addresses, phone numbers as well as hashed - or obscured - passwords. However, the site reported that while no financial data of customers was leaked, users' GPS data - location information accurate to "within a couple of inches" was included in the breach.

Foodora became Finland's largest food delivery service after it bought up rival delivery firm Pizza Online at the beginning of the year.

Security news site GovInfoSecurity reported the hack was uncovered (siirryt toiseen palveluun) on May 19, when the stolen data was seen posted on "a well-known forum for leaking stolen data."

Foodora's director of PR and corporate communications confirmed that the breach included customer information dating back to 2016, according to tabloid paper Ilta-Sanomat's tech news arm, IS Digitoday (siirryt toiseen palveluun).

GovInfoSecurity noted that Foodora customers across 14 countries were affected by the hack but did not specifically mention that customers based in Finland were singled out.

However, a reader of the GovInfoSecurity story noted in an online comment that a screenshot of affected customers in the article appeared to refer to Finnish customers. One of the files shown in the screenshot began with the letters "FI," indicating it would contain information about someone based in Finland. Instead of Finland, the article refers to Liechtenstein, whose country code is "LI."

Foodora did not confirm such suspicions to IS Digitoday, but did say the data breach affected "countries in both our current and past markets".