HungerRush

HungerRush, a cloud-based point-of-sale platform catering to pizza and fast-casual chains, is reportedly the victim of a significant data breach. A threat actor on a cybercrime forum is currently advertising a database for sale that claims to hold sensitive records for more than 28 million customers and restaurant entities. The reported breach of HungerRush highlights a growing trend of cyberattacks targeting third-party service providers that manage vast amounts of consumer data. By centralizing operations for thousands of restaurant locations, these cloud-based platforms become high-value targets for hackers looking to acquire massive datasets in a single hit. In this specific instance, the seller on the underground forum is seeking a one-time buyer for the entire collection, which suggests the information is fresh and potentially highly profitable for identity theft or targeted phishing campaigns. A deep dive into the advertised data reveals a troubling level of detail regarding both the businesses and their patrons. For individual customers, the leaked records allegedly include full names, physical home addresses, phone numbers, and email addresses. This combination of personally identifiable information is particularly dangerous as it provides bad actors with the necessary tools to bypass security questions or craft convincing scams that appear to come from legitimate restaurant brands. The exposure is not limited to customers, as business owners and the restaurants themselves are also heavily impacted. The database reportedly contains internal business details such as owner names, restaurant descriptions, and specialized contact information like Twilio phone numbers and fax lines. Furthermore, technical data including domain names, URLs for ordering systems, and survey links have been listed, which could allow attackers to map out the digital infrastructure of these businesses for further exploitation. Beyond basic contact info, the presence of internal system markers makes this incident even more concerning for the affected brands. The data includes internal identifiers and system timestamps that show exactly when records were created or modified. This level of technical metadata can help criminals understand how the HungerRush backend is structured, potentially leading to more sophisticated attacks against the platform's integrity or the individual restaurants that rely on it for daily transactions. As the situation unfolds, both restaurant operators and frequent diners of fast-casual chains are advised to remain vigilant. With email addresses and phone numbers out in the open, there is a high likelihood of an uptick in fraudulent communications. While HungerRush has not yet provided a full public accounting of the claims made on the cybercrime forum, the sheer volume of 28 million records serves as a stark reminder of the vulnerabilities inherent in modern, interconnected retail technology.

Restaurants using the HungerRush point-of-sale platform have been hit with a wave of extortion emails from a threat actor claiming to possess millions of customer records. The messages warned that sensitive data would be publicly exposed unless victims complied with payment demands. HungerRush says the campaign stemmed from compromised credentials belonging to a third-party vendor account that had access to the company’s email marketing platform. The company maintains that the attacker’s claims of massive data exposure are inaccurate.

A threat actor has reportedly been sending extortion emails directly to customers of restaurants using the HungerRush point-of-sale platform. HungerRush provides POS, ordering, and payment systems for more than 16,000 restaurants, including Sbarro, Jet's Pizza, Fajita Pete's, Hungry Howie's. The attacker claimed to have access to millions of customer records and threatened to expose the data if the company ignored their demands. However, the situation is a bit more complex. What investigators found: • Emails were sent through Twilio SendGrid infrastructure • They passed SPF, DKIM, and DMARC authentication, making them appear legitimate • HungerRush says a third-party vendor's compromised credentials were used to access an email marketing service The company also says that no sensitive financial or password data was exposed, and that credit card information is not stored in their systems. Still, the incident raises interesting security questions. Discussion points for the community: • Are marketing platforms and email infrastructure becoming a new attack vector? • Should SaaS companies treat communication systems like critical security infrastructure? • Could this type of incident evolve into large-scale phishing campaigns? Curious to hear how the security community views this. Join the discussion below and follow r/TechNadu if you're interested in cybersecurity investigations, threat intelligence, and breach analysis. Source: [https://www.bleepingcomputer.com/news/security/hacker-mass-mails-hungerrush-extortion-emails-to-restaurant-patrons/](https://www.bleepingcomputer.com/news/security/hacker-mass-mails-hungerrush-extortion-emails-to-restaurant-patrons/)

Highlights from today: - [Threat Intel] [Europol, Microsoft, TrendAI™ and Collaborators Halt Tycoon 2FA Operations](https://www.trendmicro.com/en_us/research/26/c/tycoon2fa-takedown.html) - [News] [Hacker mass-mails HungerRush extortion emails to restaurant patrons](https://www.bleepingcomputer.com/news/security/hacker-mass-mails-hungerrush-extortion-emails-to-restaurant-patrons/) - [News] [149 Hacktivist DDoS Attacks Hit 110 Organizations in 16 Countries After Middle East Conflict](https://thehackernews.com/2026/03/149-hacktivist-ddos-attacks-hit-110.html) - [News] [Europol-coordinated action disrupts Tycoon2FA phishing platform](https://www.bleepingcomputer.com/news/security/europol-coordinated-action-disrupts-tycoon2fa-phishing-platform/) - [News] [FBI seizes LeakBase cybercrime forum, data of 142,000 members](https://www.bleepingcomputer.com/news/security/fbi-seizes-leakbase-cybercrime-forum-data-of-142-000-members/) - [Red Team] [Offensive DPAPI With Nemesis](https://specterops.io/blog/2026/03/04/offensive-dpapi-with-nemesis/) - [Cloud Security] [Inside Tycoon2FA: How a leading AiTM phishing kit operated at scale](https://www.microsoft.com/en-us/security/blog/2026/03/04/inside-tycoon2fa-how-a-leading-aitm-phishing-kit-operated-at-scale/) - [Threat Research] [What a lower-cost MacBook Neo means for education](https://www.jamf.com/blog/macbook-neo-education-pricing-apple-classroom-accessibility/) - [News] [How a Brute Force Attack Unmasked a Ransomware Infrastructure Network](https://www.bleepingcomputer.com/news/security/how-a-brute-force-attack-unmasked-a-ransomware-infrastructure-network/) - [News] [Mississippi medical center reopens clinics hit by ransomware attack](https://www.bleepingcomputer.com/news/security/mississippi-medical-center-reopens-clinics-hit-by-ransomware-attack/) - [Threat Intel] [Does the UK really want to ban VPNs? And can it be done?](https://www.malwarebytes.com/blog/news/2026/03/does-the-uk-really-want-to-ban-vpns-and-can-it-be-done) - [Supply Chain] [AI-native AppSec: What it is — and why it matters](https://www.reversinglabs.com/blog/ai-native-appsec) #SecOpsDaily

**Threat Actor Extorts HungerRush POS Customers via Mass Emails, Threatening Data Exposure** A threat actor has initiated an extortion campaign targeting customers of restaurants that utilize the **HungerRush point-of-sale (POS) platform**. The attackers are mass-mailing emails directly to patrons, claiming to possess sensitive restaurant and customer data, and threatening to expose it if HungerRush fails to comply with their demands. **Technical Breakdown & TTPs:** * **Targeted Platform:** Restaurants leveraging the **HungerRush POS platform**. The initial compromise vector into HungerRush isn't detailed, but the threat actor's campaign is aimed at *their customers*. * **Extortion Method:** **Mass-mailed emails** to individual patrons, serving as the primary communication for the extortion attempt (MITRE T1566.001 - Phishing: Spearphishing Attachment/Link, T1598 - Phishing for Information, and T1650 - Extortion). * **Threat:** Exposure of claimed **restaurant and customer data**. This strongly implies prior data exfiltration (MITRE T1041 - Exfiltration Over C2 Channel, T1048 - Exfiltration Over Alternative Protocol, though the specific method isn't detailed in the summary). * **Impact:** Potential **data breach** for restaurant patrons and significant reputational damage for HungerRush and its restaurant clients. **Mitigation & Response:** * Organizations using POS platforms, particularly HungerRush, should prioritize a comprehensive review of their **data security posture**, **access controls**, and **logging mechanisms** to detect any unauthorized access or data exfiltration attempts. * **Incident response plans** should be immediately activated or reviewed for swift action in case of confirmed data compromise. * Customers receiving such emails should be advised to **exercise extreme caution**, verify the legitimacy of any claims directly with the affected company (HungerRush/restaurants), and **avoid clicking suspicious links or replying** to the threat actors. * Implement robust **email security measures** and conduct **employee training** to recognize and report social engineering attempts. **Source:** https://www.bleepingcomputer.com/news/security/hacker-mass-mails-hungerrush-extortion-emails-to-restaurant-patrons/

https://preview.redd.it/2lw9pb2wa2ng1.png?width=784&format=png&auto=webp&s=3fbfb9308adabeab63add13c56118b47b9cd050a This is an interesting one, I have an email alias we use for my cousin's affairs in Ohio and HungerRush is the online vendor for the restaurant we order him pizzas from every so often. This is the only actual spam email ever received to this account in 10 years, we will see if I start getting a flux of it. I wonder how much they wanted? Also a good reminder to use those virtual credit card numbers as I did kill off the one I use with them. Also, not sure where they would get the date of birth from as that is not even asked for to make a transaction or create an account unless they have employee info as well.

I got a really weird email supposedly from someplace called hungerrush. The weird thing is the email is addressed to hunger, rush, but it got sent to me. I have never received anything like this before. Here is the text: Dear HungerRush, You cannot ignore all my requests and expect me not to take malicious actions. You still have time. Every restaurant and customer of said restaurants' data which is in the millions is in jeopardy here and I can't even get a response back. Not to worry, there's still time left. Then they left some link for an email address that’s bleeped out mostly. I can only see like four letters of it. What in the world is this? Edit: It seems like it’s a mass email sent out. The email is no longer in my mailbox, it disappeared. 2nd Edit: I got another email from smh, looks like others have too. 3rd edit: \*Now got another email message that is somehow spoofing my email, so it’s supposedly for me. Threatening to sell my information to the dark web if I don’t give them $600. Anybody else got this email?

At 10:57pm I received an email from HungerRush support, seemingly some sort of forwarded message, claiming that the customer data of restaurants HungerRush serves is "in jeopardy," the sender intends to take "malicious action" if ignored and included a censored protonmail. I saw one other person on X post it too. My only connection to HungerRush is ordering pizza with my family the other night. Scam? Real concern?