Foodmandu 50K users data leaked by a hacker

The hacker made a tweet about the hack on March 7 Night at 8:15 pm. Here is a snap of the tweet.

Foodmandu official statement

Foodmandu, after fixing the loophole, has released its official statement about the data breach incident. They say the incident doesn’t have any impact on their commercial operations. In the official statement, they accept unauthorized customer data access by a hacker which includes the Name, Address, Email address, and phone number.

They have also revealed that they are in talks with the Cyber Crime Division of Nepal Police for further actions. The pioneering company had also asked the authorities (where the data resides) to take down the breached data.

They express their commitment to protect customer data of all forms and also seek support from the digital ecosystem in this situation.

Here is the official statement of Foodmandu on the incident.

NOTICE!!! pic.twitter.com/nDAWcm01kc

— Foodmandu (@foodmandu) March 8, 2020

We have been warned multiple times with the news of such hacks and breaches time and again. But the Nepalese digital sphere has to do a lot to prevent such unauthorized access and secure its data. It is high time companies take information security as the topmost priority.

As the companies are investing millions in operations and marketing, it is not known why the security aspect has been overlooked while having the biggest impact. Who knows the hacker could have done damage to the whole platform if it can access the data!!!

Update 1:

Mr. Mugger has now deleted the earlier Tweet and the Github link to the data is also down. We can only see Mr. Mugger’s tweet in the day time as “Data is beautiful”. Yes, indeed Data is the beauty that everyone looks for.

With the above deletion of the hacker’s tweet, we can only guess if there has been some sort of deal between the hacker and Foodmandu. OR Twitter, Github might have taken down the tweet and compromised data at the request of the authorities.

Update 2:

Foodmandu has released another statement, informing people of their actions against the hack and removing such vulnerabilities. Foodmandu tries to assure people that their system is not affected in any way along with the safeguard of the user’s password. They ask people not to receive or reply to calls, SMS with the promise to resolve the issue.

They also urge their users to change their passwords periodically to avoid any risks.

Update 3: ( December 9, 2020)

Nepal Police, Cyber Bureau has finally arrested Dinesh Tiwari who is the man behind the Foodmandu Hack. As per the info, he could be the same hacker as named as Mr. Mugger. They were successful in tracking down the Hacker with the special operation called Hackers hunt.