SevenRooms Restaurant Platform Sufferes a Data Breach
Costumers’ Data Got Exposed.
SevenRooms restaurant platform confirmed that it was affected by a data breach after hackers posted stolen data for sale on the darknet.
The restaurant customer relationship management (CRM) platform is used by multinational restaurant chains and hospitality service companies, like MGM Resorts, Bloomin’ Brands, Mandarin Oriental, Wolfgang Puck, and many more.
Details about the Breach
On December 15, 2022, a post appeared on the Breached hacking forum about stolen data in an incident that affected SevenRooms. The hackers claimed they have a 427 GB backup database containing thousands of files with information about the platform’s customers.
CRM platform confirmed that it was indeed their data and explained that the data leakage was caused by unauthorized access to the systems of one of its vendors.
SevenRooms recently learned that a file transfer interface of a third-party vendor was accessed without authorization.
However, the platform assures that its systems have not been affected by the data breach, and are still protected from unauthorized access.
“We immediately disabled access to the interface, launched an internal investigation, and we currently have no evidence that any of SevenRooms’ proprietary databases were affected,” said the company.
What Data Was Leaked?
Seller posted online samples in which it can be seen folders named after famous restaurants, clients of SevenRooms, as well as API keys, discount codes, payment records, reservation lists, and more.
This may have affected certain documents transferred to or by SevenRooms, including the exchange of API credentials (now expired), and some guest data, which may include names, email addresses and phone numbers.
But, as the company explained, highly sensitive information like credit card information, bank account data, or social security numbers, were not compromised.
SevenRooms hired an independent cybersecurity company to investigate the attack. Until further information, it is unclear exactly what restaurants and customers were affected by this breach.
If you liked this article, follow us on LinkedIn, Twitter, Facebook, YouTube, and Instagram for more cybersecurity news and topics.