Technology

Grubhub confirms data breach amid extortion claims

Published

2 months ago

January 27, 2026

Grubhub confirms data breach amid extortion claims

NEWYou can now listen to Fox News articles!

Food delivery platform Grubhub has confirmed a recent data breach after unauthorized actors accessed parts of its internal systems.

The disclosure comes as sources tell BleepingComputer the company is now facing extortion demands linked to stolen data.

In a statement to BleepingComputer, Grubhub said it detected and stopped the activity quickly.

“We’re aware of unauthorized individuals who recently downloaded data from certain Grubhub systems,” the company said. “We quickly investigated, stopped the activity, and are taking steps to further increase our security posture.”

Grubhub added that sensitive information, such as financial details or order history, was not affected. However, the company declined to answer follow-up questions about when the breach occurred, whether customer data was involved or if it is actively being extorted.

Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide – free when you join my CYBERGUY.COM newsletter.

RANSOMWARE ATTACK EXPOSES SOCIAL SECURITY NUMBERS AT MAJOR GAS STATION CHAIN

Grubhub confirmed a data breach after unauthorized actors accessed parts of its internal systems, prompting an investigation and heightened security measures. (Michael Nagle/Bloomberg via Getty Images)

What Grubhub has confirmed so far

While details remain limited, Grubhub confirmed several key points. It has brought in a third-party cybersecurity firm and notified law enforcement. Beyond that, the company has stayed largely silent. That lack of detail has raised concern, especially given Grubhub’s recent security history. Just last month, the company was linked to scam emails sent from its own b.grubhub.com subdomain. Those messages promoted a cryptocurrency scam promising large returns on Bitcoin payments. Grubhub said it contained the incident and blocked further unauthorized emails. It did not clarify whether the two events are related.

Sources link the breach to ShinyHunters extortion

According to multiple sources cited by BleepingComputer, the ShinyHunters hacking group is behind the extortion attempt. The group has not publicly commented on the claims and declined to respond when contacted. Sources say the attackers are demanding a Bitcoin payment to prevent the release of stolen data. That data reportedly includes older Salesforce records from a February 2025 breach and newer Zendesk data taken during the most recent intrusion. Grubhub uses Zendesk to run its online customer support system. That platform handles order issues, account access and billing questions, making it a valuable target for attackers.

How stolen credentials may have enabled the attack

Investigators believe the breach may be tied to credentials stolen during earlier Salesloft Drift attacks. In August 2025, threat actors used stolen OAuth tokens from Salesloft’s Salesforce integration to access sensitive systems over a 10-day period. According to a report from Google Threat Intelligence Group, also known as Mandiant, attackers used that stolen data to launch follow-up attacks across multiple platforms. “GTIG observed UNC6395 targeting sensitive credentials such as AWS access keys, passwords and Snowflake-related access tokens,” Google reported. ShinyHunters previously claimed responsibility for that campaign, stating it stole roughly 1.5 billion records from Salesforce environments tied to hundreds of companies.

Why this breach still matters

Even if payment data and order history were not affected, support systems often contain personal details. Names, email addresses and account notes can be enough to fuel phishing attacks or identity scams. More importantly, this incident highlights how older breaches can continue to cause damage long after the initial attack. Stolen credentials that are never rotated remain a powerful entry point for threat actors.

Ways to stay safe after the Grubhub data breach

If you use Grubhub or any online delivery service, a few smart steps can reduce your risk after a breach.

1) Update your password and stop re-use

Start by changing your Grubhub password right away. Make sure you do not reuse that password anywhere else. Reused passwords give attackers an easy path into other accounts. A password manager can help here. It creates strong, unique logins and stores them securely so you do not have to remember them all.

Next, see if your email has been exposed in past breaches. Our No. 1 password manager pick includes a built-in breach scanner that checks whether your email address or passwords have appeared in known leaks. If you discover a match, immediately change any reused passwords and secure those accounts with new, unique credentials.

Check out the best expert-reviewed password managers of 2026 at Cyberguy.com.

ILLINOIS DHS DATA BREACH EXPOSES 700K RESIDENTS’ RECORDS

The food delivery platform says it quickly stopped the intrusion but has not disclosed when the breach occurred or whether customers were targeted. (Leonardo Munoz/VIEWpress)

2) Turn on two-factor authentication

If two-factor authentication (2FA) is available, enable it. This adds a second step when you sign in, such as a code sent to your phone or app. Even if a hacker steals your password, two-factor authentication can stop them from getting in.

3) Watch closely for phishing attempts and use strong antivirus software

Be alert for emails or texts that mention orders, refunds or support issues. Attackers often use stolen support data to make messages feel urgent and real. Do not click links or open attachments unless you are certain they are legitimate. Strong antivirus software can also help block malicious links and downloads before they cause harm.

The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have strong antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe.

Get my picks for the best 2026 antivirus protection winners for your Windows, Mac, Android and iOS devices at Cyberguy.com.

4) Remove your data from people-search sites

Consider using a data removal service to reduce your online footprint. These services help remove your personal details from data broker sites that attackers often use to build profiles. Less exposed data means fewer tools for scammers to exploit.

While no service can guarantee the complete removal of your data from the internet, a data removal service is really a smart choice. They aren’t cheap, and neither is your privacy. These services do all the work for you by actively monitoring and systematically erasing your personal information from hundreds of websites. It’s what gives me peace of mind and has proven to be the most effective way to erase your personal data from the internet. By limiting the information available, you reduce the risk of scammers cross-referencing data from breaches with information they might find on the dark web, making it harder for them to target you.

Check out my top picks for data removal services and get a free scan to find out if your personal information is already out on the web by visiting Cyberguy.com.

Get a free scan to find out if your personal information is already out on the web: Cyberguy.com.

5) Ignore crypto messages using trusted brands

Be skeptical of any cryptocurrency offers tied to familiar companies. Grubhub was previously linked to scam emails promoting crypto schemes, which shows how often attackers abuse trusted names. Legitimate companies do not promise fast returns or pressure you to act immediately.

6) Monitor your Grubhub account and email activity

Check your Grubhub account for anything that looks unfamiliar. Watch for unexpected password reset emails, order confirmations or support messages you did not request. Attackers often test stolen data quietly before making bigger moves.

7) Secure the email linked to your Grubhub account

Your email account is the key to password resets. Change that password and enable two-factor authentication if it is not already on. If attackers control your email, they can regain access even after you change other passwords.

8) Stay alert for delayed scams tied to the breach

Breach data is often reused weeks or months later. Phishing attempts may appear long after headlines fade. Treat any future messages claiming to reference Grubhub support, refunds or account issues with extra caution.

These steps will not undo a breach, but they can limit how attackers exploit stolen information and reduce your risk going forward.

FIBER BROADBAND GIANT INVESTIGATES BREACH AFFECTING 1M USERS

Sources tell BleepingComputer the Grubhub breach is tied to extortion demands involving allegedly stolen customer support data. (Gabby Jones/Bloomberg via Getty Images)

Kurt’s key takeaways

Grubhub’s confirmation puts an official stamp on what sources have warned about for weeks. While the company says sensitive data was not affected, unanswered questions remain. As extortion-driven breaches rise, transparency and rapid credential rotation matter more than ever. What stands out most is how past compromises continue to create new risks. When access tokens live too long, attackers do not need to break in again. They simply walk back through an open door.

If companies stay quiet after breaches, how can customers know when it is time to protect themselves? Let us know by writing to us at Cyberguy.com.

CLICK HERE TO DOWNLOAD THE FOX NEWS APP

Kurt “CyberGuy” Knutsson is an award-winning tech journalist who has a deep love of technology, gear and gadgets that make life better with his contributions for Fox News & FOX Business beginning mornings on “FOX & Friends.” Got a tech question? Get Kurt’s free CyberGuy Newsletter, share your voice, a story idea or comment at CyberGuy.com.

Related Topics:Featured Privacy Security Technologies

Click to comment

Technology

AI influencer awards season is upon us

Published

10 hours ago

March 23, 2026

Press Room

First came the AI beauty pageant. Then the AI music contests. Now, there is an award for AI Personality of the Year — perhaps the inevitable next step for the AI influencer economy as it transforms from quirky novelty into a serious and lucrative industry.

The contest, a joint venture between generative AI studio OpenArt and AI-powered creator platform Fanvue, with backing from AI voice company ElevenLabs, opens on Monday and runs for a month. The organizers said it is intended to “celebrate the creative talent ‘behind’ AI Influencers” and recognize their growing commercial and cultural clout.

Contestants will compete for a total prize fund of $20,000, which will be split between an overall winner and individual categories of fitness, lifestyle, comedian, music and dance entertainer, and fictional cartoon, anime, or fantasy personality. Victors will be celebrated at an event in May that the organizers are dubbing the “‘Oscars’ for AI personalities.”

To enter, you must develop your AI influencer on OpenArt’s platform and submit it at www.AIpersonality.ai. You’ll be asked for social media handles across TikTok, X, YouTube, and Instagram, as well as the story behind the character, your motivations for creating it, and details of any brand work.

Among those assessing contestants are 13‑time Emmy‑winning comedy writer Gil Rief, the creators of Spanish AI model Aitana Lopez, and Christopher “Topher” Townsend, the MAGA rapper behind AI-generated gospel singer Solomon Ray. According to a copy of the judges’ briefing seen by The Verge, contestants will be scored on four criteria: quality, social clout, brand appeal, and the inspiration behind the avatar. Specific points include reliably engaging with followers, portraying a consistent look across social channels, accurate details like having the “right number of fingers and thumbs,” and having “an authentic narrative” behind the avatar.

The contest is open to established creators and novices alike, though existing AI influencers will still need to submit material produced on OpenArt’s platform, Matt Jones, head of brand at Fanvue, told The Verge.

Despite being designed to celebrate creators of virtual influencers, Jones said that entrants don’t need to publicly identify themselves. “If a person who created this amazing piece of work wants nothing to do with the press or to expose themselves or to have their name out there, that’s obviously fine,” he said. “There would be no need to thrust anybody into the limelight here. We would just celebrate the piece of work.”

That creators can remain anonymous feels odd for a contest judging authenticity, particularly in an AI influencer ecosystem built on fictional people, fake personas, and fabricated backstories. That same anonymity has also helped grifts flourish with little accountability, from the AI white nationalist rapper Danny Bones to MAGA fantasy girl Jessica Foster.

There’s familiar baggage too, including persistent questions about originality, whether AI-generated work, or even a likeness, has been lifted from real creators, and whether these tools simply reproduce the same old biases in synthetic form. Organizer Fanvue has already faced criticism for this in the past: in 2024, a Guardian columnist described its “Miss AI” beauty pageant as something that “take(s) every toxic gendered beauty norm and bundle(s) them up into a completely unrealistic package.”

To Fanvue’s Jones, creators inevitably leave something of themselves in the AI characters they make. “You can’t help but put a little bit of yourself into the stories that you tell and the characters that you make,” he said, urging creators to “lean into that.” The idea feels at home in the influencer economy: not strictly real, but a form of synthetic authenticity the internet already knows how to handle.

Follow topics and authors from this story to see more like this in your personalized homepage feed and to receive email updates.

Robert Hart

Technology

Amazon Health AI brings a doctor to your pocket

Published

11 hours ago

March 23, 2026

Press Room

Amazon Health AI brings a doctor to your pocket

NEWYou can now listen to Fox News articles!

Most people have had this moment. You feel a strange symptom, open your phone and start searching online. Within minutes, you are deep in medical forums reading worst-case scenarios. By the end, you are either terrified or more confused than when you started.

Health care should feel clearer than that. Yet for many of us, it rarely does. Appointments take weeks. Medical records are hard to understand. You often have to repeat the same health history at every visit. Insurance rules feel like a maze.

According to the American Academy of Physician Associates, many Americans say navigating the healthcare system feels overwhelming and they wish doctors had more time to listen. Now, a new tool from Amazon hopes to change that experience. It is called Amazon Health AI.

Sign up for my FREE CyberGuy Report

Get my best tech tips, urgent security alerts, and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide — free when you join my CYBERGUY.COM newsletter.

$163K IN FAKE MEDICAL BILL CHARGES, AI UNCOVERS IT FOR YOU

Amazon Health AI lets you ask health questions, review records and connect with care directly through the Amazon app. (Kurt “CyberGuy” Knutsson)

What Amazon Health AI actually does

Amazon Health AI, available at amazon.com/health-ai, acts as a digital health assistant that can answer medical questions and help guide you through your care. The tool lives inside the Amazon app and website.

You start by typing a health question into a chat box. From there, the system can:

Explain lab results in plain language
Review symptoms and suggest next steps
Help schedule care with a provider
Assist with prescription renewals
Recommend relevant health products if asked

Health AI connects directly with clinicians from Amazon One Medical when professional care is needed. You can message a provider, start a video visit or schedule an in-person appointment. The goal is to make getting care simpler. Instead of spending time searching for appointments or jumping between different apps, you can move from a question to a provider more quickly. If symptoms suggest a possible emergency, the system may advise you to contact emergency services, such as calling 911.

Amazon is gradually rolling the Health AI tool out to U.S. customers, and availability varies by location.

CyberGuy reached out to Amazon for comment about the new service. Andrew Diamond, Ph.D., M.D., chief medical officer at Amazon One Medical, said the goal is to reduce some of the everyday frustrations people face when navigating healthcare.

“Nearly two-thirds of Americans feel overwhelmed by the healthcare system and wish their doctors had more time to understand their concerns,” Diamond said. “Health AI is designed to handle the logistical and informational work that creates friction in healthcare, so patients and providers can spend more time on what matters most: the human relationship at the heart of healing.”

How Amazon Health AI uses your medical history

Health AI becomes more useful when it understands your medical history.

With permission, the system can access information such as:

Past diagnoses
Medications
Lab results
Doctor’s notes

This data flows through a secure national network called the Health Information Exchange. Health AI can access records from hundreds of thousands of providers nationwide once permission is granted.

For example, imagine someone with asthma develops a cough during flu season. A generic search might treat that symptom like any other cough. Health AI can look at your history and ask follow-up questions based on your specific risk factors.

Health AI can provide general information about someone else’s health question, but personalized answers are limited to the medical history of the account holder.

That context helps the system provide more relevant guidance. Still, the assistant does not replace doctors. When the situation requires medical judgment, it connects you with a real clinician.

CHATGPT COULD MISS YOUR SERIOUS MEDICAL EMERGENCY, NEW STUDY SUGGESTS

Health AI can help explain lab results, check symptoms and connect you with care through your phone. (Amazon)

How Amazon connects AI with real medical care

The service works closely with Amazon One Medical providers. Prescription renewals can also move through the system, with requests sent to a One Medical provider who reviews the request before approval. You can fill prescriptions through Amazon Pharmacy or another pharmacy you prefer. This approach helps reduce the steps people often face when trying to get care. Instead of spending time searching for appointments or jumping between different apps, you can move from a question to a provider more quickly.

Special access for Prime members

Amazon is also adding a limited introductory benefit. Eligible members of Amazon Prime can receive up to five free message-based consultations with a One Medical provider.

Neil Lindsay, senior vice president of Amazon Health Services, said the goal is to make care easier to access through the tools people already use. “Eligible Prime member accounts get up to five free direct message care consultations with a One Medical provider for any of the 30 common conditions,” Lindsay said.

These visits cover common conditions, including:

Colds and flu
Allergies and acid reflux
Pink eye and UTIs
Hair loss and skin care

Outside the promotion, message or telehealth visits typically cost about $29. A full One Medical membership provides broader virtual care and costs less for Prime members than for non-members.

How Amazon says it protects health data

Health information raises serious privacy questions. Amazon says Health AI runs inside a HIPAA-compliant environment with strong encryption and strict access controls. According to the company, personal health data is not used to sell ads. Amazon also says protected health information from One Medical and Amazon Pharmacy is not used for advertising or sold to third parties.

The system also includes safety guardrails. If the AI cannot confidently answer a question, it directs you to a human provider. Behind the scenes, the technology runs on Amazon’s AI platform called Amazon Bedrock.

Amazon also emphasized that Health AI was designed alongside medical professionals rather than built purely as a technology product.

“This isn’t a chatbot with a healthcare skin,” said Prakash Bulusu, chief technology officer at Amazon Health Services. “It’s a system designed from the ground up to be personalized, trustworthy and useful.”

Bulusu said he personally tested the system with his own health data, and it surfaced lab work he had forgotten to complete after a physical exam.

CHATGPT HEALTH PROMISES PRIVACY FOR HEALTH CONVERSATIONS

You can ask Health AI about symptoms and receive guidance before deciding whether to seek medical care. (Amazon)

Why Amazon believes AI belongs in healthcare

Millions of people already search Amazon for vitamins, blood pressure monitors and health products. The company believes AI can help guide those searches and connect them with medical advice. Amazon also partnered with major health systems, including the Cleveland Clinic and Rush University System for Health, to create smoother referrals between primary care and specialists. The idea is continuity. You should not feel like you are starting from scratch every time you see a new provider.

What this means for you

Tools like Health AI show how quickly artificial intelligence is moving into everyday health decisions. For patients, the potential benefits are clear. Faster answers. Simpler records. Easier access to doctors.

Yet it also raises big questions about privacy, data control and how much we rely on automated systems for health advice. AI can help people understand their health. But the human doctor still plays the absolute most important role. The challenge will be finding the right balance.

Take my quiz: How safe is your online security?

Think your devices and data are truly protected? Take this quick quiz to see where your digital habits stand. From passwords to Wi-Fi settings, you’ll get a personalized breakdown of what you’re doing right and what needs improvement. Take my Quiz here: Cyberguy.com.

Kurt’s key takeaways

Healthcare can be frustrating. Long waits, confusing records and disconnected systems often leave you feeling lost. Amazon believes AI can help guide you through that process. If the technology works as promised, it could help millions of us understand our health faster and reach care sooner. Still, any system that handles sensitive medical information must earn trust over time. That trust will depend on transparency, security and how responsibly companies use personal health data.

Would you feel comfortable letting an AI assistant review your medical history and guide your health decisions? Let us know by writing to us at Cyberguy.com.

CLICK HERE TO DOWNLOAD THE FOX NEWS APP

Sign up for my FREE CyberGuy Report

Technology

Crimson Desert dev apologizes for use of AI art

Published

22 hours ago

March 22, 2026

Press Room

Crimson Desert dev apologizes for use of AI art

Reviews of Crimson Desert have been mixed, but the bigger issue for the game has been the discovery of what appeared to be AI-generated assets in the final release. Now the developer has acknowledged that AI art was indeed used during the game’s creation, but says that it was intended to be replaced before release. In a statement on X, the company said it was conducting a “comprehensive audit” to identify and replace any AI-generated content.

The company apologized for both its inclusion in the final release and for not being more transparent about its use during development. “We should have clearly disclosed our use of AI,” it said.

The use of generative AI in gaming has become a hot-button issue of the last couple of years as it’s made its way into several high-profile titles. While some large studios have embraced it, many smaller developers have revolted against the trend, proudly proclaiming their games to be “AI free.”