Did GrubHub Suffer a Data Breach?

Did the GrubHub customer service suffer a data breach affecting over 70 million customers? Explore what happened with BreachDirectory.com.

Preface

GrubHub is an American food ordering and delivery app also famous for its GrubHub customer service. GrubHub is a subsidiary of Just Eat since 2021, and the company has been bought by Wonder Group Inc. in 2024.

According to multiple sources, GrubHub had almost 20 million active users as of 2019, as well as over 100,000 restaurants across over 3,000 cities in all states of the United States.

Did GrubHub Customer Service Suffer a Data Breach?

Part of the reason why GrubHub and the GrubHub customer service is in the spotlight these days has to do with a different reason – GrubHub is alleged to have suffered a data breach. According to attackers, in January 2025, they “breached Grbuhub and exported ~ 70 million lines of user information.” It is unclear whether one line pertains to one user, but if that’s the case, the alleged number of people at risk could also be around or more than 70 million.

What Data is at Risk?

According to the hackers, the GrubHub data breach includes:

• 66 million email addresses
• 22 million phone numbers
• 17 million passwords

According to some sources on the web, the passwords pertaining to GrubHub and the GrubHub customer service were hashed using SHA1 which is a vulnerable hashing algorithm because of collision resistance: it is possible to find two different messages that produce the same hash in the end.

Aside from that, this data breach appears to be related to the data breach that allegedly happened in February 2025 where driver and customer data pertaining to GrubHub and its GrubHub customer service was exposed.

The outcomes of the GrubHub and GrubHub customer service data breach were shared on BreachForums – a popular website for cybercriminals and script kiddies.

How to Protect Myself?

To protect yourself from the proceeds of this GrubHub customer service data breach, follow this advice:

• Change your password used on GrubHub and related services and don’t use the same password more than once (password managers can help with this.)
• Make use of data breach search engines like BreachDirectory to help you ensure that your account is not at risk of identity theft now or in the future.
• Register for data breach notifications today to be informed once your account is at risk of identity theft.
• If you’re a developer, be mindful of attacks directed at web applications and ways to prevent them. Educating yourself about how injection and related attacks work is a great place to start. Additionally, stay in the loop about security by attending industry conferences and reading books. Hacking MySQL: Breaking, Optimizing, and Securing MySQL for Your Use Case will walk you through what developers do to “break“ their database instances (make queries perform slowly), how to optimize your SQL query performance, and tell you how best to secure your most vital assets. Start reading the book today!

Summary

It appears that GrubHub and the GrubHub customer service did indeed suffer a data breach. It is said that the data breach involved data from around 70,000,000 GrubHub customers.

To stay safe, use data breach search engines like BreachDirectory, consider using the BreachDirectory API if you’re a developer to implement the data in the BreachDirectory data breach search engine into your own systems, and until next time.

FAQ

What Data Did the GrubHub Customer Service Data Breach Expose?

The GrubHub data breach allegedly exposed 66 million email addresses, 22 million phone numbers, as well as over 17 million passwords. Stay safe – visit data breach search engines like BreachDirectory and ensure your data is not in the hands of cyber criminals.

Should I Use the GrubHub Customer Service?

Yes. Aside from the fact that a data breach has exposed data of over 70 million GrubHub customers, GrubHub is not a shady service.

Am I at Risk of Identity Theft?

To ensure that you are not at risk of identity theft, make visiting data breach search engines a part of your daily routine. To be informed when your account appears in a data breach, make sure to register for data breach notifications as well.