Grubhub says hackers stole company data in recent breach - here's what we know

News
By published

Food delivery company hack is being linked to ShinyHunters

GrubHub app on a mobile phone
(Image credit: Shutterstock / Diego Thomazini)
  • Grubhub data stolen in apparent Salesloft Drift breach; ShinyHunters now extorting company
  • Attackers threaten to leak Salesforce and Zendesk data unless paid in bitcoin
  • At least 31 organizations hit in related breaches since August 2025

It seems that we can now add Grubhub to the ever-expanding list of businesses which had data stolen in the Salesloft Drift security fiasco.

Exclusive reporting from BleepingComputer claims Grubhub, a popular US food delivery platform, got hacked, and is now being extorted for money.

"We're aware of unauthorized individuals who recently downloaded data from certain Grubhub systems," Grubhub said. "We quickly investigated, stopped the activity, and are taking steps to further increase our security posture. Sensitive information, such as financial information or order history, was not affected."

ShinyHunters and Salesloft Drift

Still, some information was taken, and at this time, we don’t know which, or how many people are affected. Police have been notified, it was said, and external cybersecurity experts were brought in to assist.

Citing sources familiar with the matter, the publication says that the infamous ShinyHunters ransomware group was behind the attack. They are now asking for payment in bitcoin, to keep Salesforce and Zendesk data from being leaked on the dark web. Salesforce data is apparently from a February 2025 breach, while Zendesk data is newer.

The breach happened after Grubhub’s login credentials and secrets got leaked through the Salesloft Drift attacks. For those with a shorter memory span, in August 2025 hackers stole OAuth tokens for Salesloft’s Salesforce integration, and in the course of the next couple of months, exfiltrated sensitive data on dozens, if not hundreds, of organizations all over the world.

So far, there are at least 31 confirmed cases of data breaches related to the Salesloft Drift incident, including Dynatrace, Cloudflare, Palo Alto Networks, and many others. The full list can be found on this link.

The group known as ShinyHunters claimed responsibility for the attack. This is a ransomware actor that abandoned the encryption part of the process and focuses solely on data exfiltration.

Best antivirus software header
The best antivirus for all budgets

➡️ Read our full guide to the best antivirus
1. Best overall:
Bitdefender Total Security
2. Best for families:
Norton 360 with LifeLock
3. Best for mobile:
McAfee Mobile Security

Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds. Make sure to click the Follow button!

And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form, and get regular updates from us on WhatsApp too.

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

You must confirm your public display name before commenting

Please logout and then login again, you will then be prompted to enter your display name.