Technology
Grubhub confirms data breach amid extortion claims
NEWYou can now listen to Fox News articles!
Food delivery platform Grubhub has confirmed a recent data breach after unauthorized actors accessed parts of its internal systems.
The disclosure comes as sources tell BleepingComputer the company is now facing extortion demands linked to stolen data.
In a statement to BleepingComputer, Grubhub said it detected and stopped the activity quickly.
“We’re aware of unauthorized individuals who recently downloaded data from certain Grubhub systems,” the company said. “We quickly investigated, stopped the activity, and are taking steps to further increase our security posture.”
Grubhub added that sensitive information, such as financial details or order history, was not affected. However, the company declined to answer follow-up questions about when the breach occurred, whether customer data was involved or if it is actively being extorted.
Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide – free when you join my CYBERGUY.COM newsletter.
RANSOMWARE ATTACK EXPOSES SOCIAL SECURITY NUMBERS AT MAJOR GAS STATION CHAIN
Grubhub confirmed a data breach after unauthorized actors accessed parts of its internal systems, prompting an investigation and heightened security measures. (Michael Nagle/Bloomberg via Getty Images)
What Grubhub has confirmed so far
While details remain limited, Grubhub confirmed several key points. It has brought in a third-party cybersecurity firm and notified law enforcement. Beyond that, the company has stayed largely silent. That lack of detail has raised concern, especially given Grubhub’s recent security history. Just last month, the company was linked to scam emails sent from its own b.grubhub.com subdomain. Those messages promoted a cryptocurrency scam promising large returns on Bitcoin payments. Grubhub said it contained the incident and blocked further unauthorized emails. It did not clarify whether the two events are related.
Sources link the breach to ShinyHunters extortion
According to multiple sources cited by BleepingComputer, the ShinyHunters hacking group is behind the extortion attempt. The group has not publicly commented on the claims and declined to respond when contacted. Sources say the attackers are demanding a Bitcoin payment to prevent the release of stolen data. That data reportedly includes older Salesforce records from a February 2025 breach and newer Zendesk data taken during the most recent intrusion. Grubhub uses Zendesk to run its online customer support system. That platform handles order issues, account access and billing questions, making it a valuable target for attackers.
How stolen credentials may have enabled the attack
Investigators believe the breach may be tied to credentials stolen during earlier Salesloft Drift attacks. In August 2025, threat actors used stolen OAuth tokens from Salesloft’s Salesforce integration to access sensitive systems over a 10-day period. According to a report from Google Threat Intelligence Group, also known as Mandiant, attackers used that stolen data to launch follow-up attacks across multiple platforms. “GTIG observed UNC6395 targeting sensitive credentials such as AWS access keys, passwords and Snowflake-related access tokens,” Google reported. ShinyHunters previously claimed responsibility for that campaign, stating it stole roughly 1.5 billion records from Salesforce environments tied to hundreds of companies.
Why this breach still matters
Even if payment data and order history were not affected, support systems often contain personal details. Names, email addresses and account notes can be enough to fuel phishing attacks or identity scams. More importantly, this incident highlights how older breaches can continue to cause damage long after the initial attack. Stolen credentials that are never rotated remain a powerful entry point for threat actors.
Ways to stay safe after the Grubhub data breach
If you use Grubhub or any online delivery service, a few smart steps can reduce your risk after a breach.
1) Update your password and stop re-use
Start by changing your Grubhub password right away. Make sure you do not reuse that password anywhere else. Reused passwords give attackers an easy path into other accounts. A password manager can help here. It creates strong, unique logins and stores them securely so you do not have to remember them all.
Next, see if your email has been exposed in past breaches. Our No. 1 password manager pick includes a built-in breach scanner that checks whether your email address or passwords have appeared in known leaks. If you discover a match, immediately change any reused passwords and secure those accounts with new, unique credentials.
Check out the best expert-reviewed password managers of 2026 at Cyberguy.com.
ILLINOIS DHS DATA BREACH EXPOSES 700K RESIDENTS’ RECORDS
The food delivery platform says it quickly stopped the intrusion but has not disclosed when the breach occurred or whether customers were targeted. (Leonardo Munoz/VIEWpress)
2) Turn on two-factor authentication
If two-factor authentication (2FA) is available, enable it. This adds a second step when you sign in, such as a code sent to your phone or app. Even if a hacker steals your password, two-factor authentication can stop them from getting in.
3) Watch closely for phishing attempts and use strong antivirus software
Be alert for emails or texts that mention orders, refunds or support issues. Attackers often use stolen support data to make messages feel urgent and real. Do not click links or open attachments unless you are certain they are legitimate. Strong antivirus software can also help block malicious links and downloads before they cause harm.
The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have strong antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe.
Get my picks for the best 2026 antivirus protection winners for your Windows, Mac, Android and iOS devices at Cyberguy.com.
4) Remove your data from people-search sites
Consider using a data removal service to reduce your online footprint. These services help remove your personal details from data broker sites that attackers often use to build profiles. Less exposed data means fewer tools for scammers to exploit.
While no service can guarantee the complete removal of your data from the internet, a data removal service is really a smart choice. They aren’t cheap, and neither is your privacy. These services do all the work for you by actively monitoring and systematically erasing your personal information from hundreds of websites. It’s what gives me peace of mind and has proven to be the most effective way to erase your personal data from the internet. By limiting the information available, you reduce the risk of scammers cross-referencing data from breaches with information they might find on the dark web, making it harder for them to target you.
Check out my top picks for data removal services and get a free scan to find out if your personal information is already out on the web by visiting Cyberguy.com.
Get a free scan to find out if your personal information is already out on the web: Cyberguy.com.
5) Ignore crypto messages using trusted brands
Be skeptical of any cryptocurrency offers tied to familiar companies. Grubhub was previously linked to scam emails promoting crypto schemes, which shows how often attackers abuse trusted names. Legitimate companies do not promise fast returns or pressure you to act immediately.
6) Monitor your Grubhub account and email activity
Check your Grubhub account for anything that looks unfamiliar. Watch for unexpected password reset emails, order confirmations or support messages you did not request. Attackers often test stolen data quietly before making bigger moves.
7) Secure the email linked to your Grubhub account
Your email account is the key to password resets. Change that password and enable two-factor authentication if it is not already on. If attackers control your email, they can regain access even after you change other passwords.
8) Stay alert for delayed scams tied to the breach
Breach data is often reused weeks or months later. Phishing attempts may appear long after headlines fade. Treat any future messages claiming to reference Grubhub support, refunds or account issues with extra caution.
These steps will not undo a breach, but they can limit how attackers exploit stolen information and reduce your risk going forward.
FIBER BROADBAND GIANT INVESTIGATES BREACH AFFECTING 1M USERS
Sources tell BleepingComputer the Grubhub breach is tied to extortion demands involving allegedly stolen customer support data. (Gabby Jones/Bloomberg via Getty Images)
Kurt’s key takeaways
Grubhub’s confirmation puts an official stamp on what sources have warned about for weeks. While the company says sensitive data was not affected, unanswered questions remain. As extortion-driven breaches rise, transparency and rapid credential rotation matter more than ever. What stands out most is how past compromises continue to create new risks. When access tokens live too long, attackers do not need to break in again. They simply walk back through an open door.
If companies stay quiet after breaches, how can customers know when it is time to protect themselves? Let us know by writing to us at Cyberguy.com.
CLICK HERE TO DOWNLOAD THE FOX NEWS APP
Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide – free when you join my CYBERGUY.COM newsletter.
Copyright 2026 CyberGuy.com. All rights reserved.
Nothing’s next budget phone is the latest victim of RAMageddon. As 9to5Google reports, Nothing co-founder Akis Evangelidis announced in a post on X that a follow-up to the CMF Phone 2 Pro won’t be coming this year:
We were working on a successor but with memory prices where they are right now, we can’t build a phone that feels like a genuine step forward at a price that makes sense for CMF. As a result, we’ve decided not to launch a new CMF phone this year.
Last week, Nothing CEO and co-founder Carl Pei also said the RAM shortage has impacted the cost of the company’s mid-range phone, stating, “For Phone 4A, memory costs doubled between when we decided to build the device and when it launched. They’ve doubled again since.” According to Pei, “memory is now the most expensive component in a smartphone.” Nothing is far from the only company facing RAM pricing challenges — earlier this week, Tim Cook announced Apple will be raising prices, saying “the situation has become unsustainable.”
While there won’t be a new CMF phone this year, Evangelidis added in his post that CMF still has “several new products launching as well as some entirely new categories.” He also hinted that “the smartphone launch season at Nothing isn’t over yet.”
China approves world’s first commercial brain chip
Apple unveils new child safety tools, enabling parents to manage kid accounts, media access, communication, apps, and browsing. Tech companies like Meta, Roblox, YouTube and TikTok enhance safety with age verification, content moderation and time limits. China approves the world’s first commercial brain chip, raising privacy concerns.
NEWYou can now listen to Fox News articles!
A coin-sized brain chip in China could help people with paralysis control devices using their thoughts. China has approved a brain-computer interface called NEO for commercial medical use in certain patients with paralysis caused by spinal cord injuries. That moves brain-chip technology out of research trials and closer to real-world medical care.
Developed by researchers at Tsinghua University and Shanghai-based Neuracle Technology, NEO sits under the skull but rests on the brain’s protective outer layer rather than piercing deep into brain tissue. That design could make it less invasive than some competing implants.
For patients who have lost movement, this kind of technology could be life-changing. It could help restore a level of independence that once felt out of reach. But here’s where we need to slow down a bit. If a brain chip can turn your brain signals into digital commands, we need to ask who controls that data and how well it is protected.
Sign up for my FREE CyberGuy Report
- Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox.
- For simple, real-world ways to spot scams early and stay protected, visit CyberGuy.com – trusted by millions who watch CyberGuy on TV daily.
- Plus, you’ll get instant access to my Ultimate Scam Survival Guide free when you join.
BRAIN IMPLANT ENABLES ALS PATIENT TO COMMUNICATE USING AI
China’s NEO brain implant could help some paralysis patients control devices, like prosthetic hands, with their thoughts while raising concerns over brain data privacy. (Tsinghua University)
What is China’s NEO brain chip?
NEO is a brain-computer interface, often called a BCI. These systems read brain activity and translate it into commands for an external device. In this case, the implant uses sensors placed near the brain’s motor-control area. Those signals can help a patient operate equipment such as a robotic glove or computer interface.
What makes NEO especially notable is its placement. Brain-computer interfaces can be designed in different ways, and some go deeper into the brain than others. The company most people know in this space is Neuralink, the brain-chip startup co-founded by Elon Musk. Its implant uses tiny threads that enter the brain’s cortex. NEO takes a less invasive approach by placing electrodes on the dura mater, which is the protective membrane around the brain.
That design matters because every brain implant carries medical risk. Surgery can cause bleeding, swelling, infection or tissue damage. Even a small complication in the wrong part of the brain can affect speech or movement.
China’s approval does not mean brain chips are suddenly available for anyone who wants one. This remains a medical device for a narrow group of patients. Right now, the focus centers on helping people with severe paralysis regain some digital or assisted movement control.
Why China’s brain chip breakthrough matters
The medical upside here is hard to deny. More than three billion people worldwide live with neurological conditions, according to the World Health Organization. That includes people dealing with stroke, epilepsy, Parkinson’s disease, spinal cord injuries and other serious conditions.
For someone who has spent years unable to move freely or communicate easily, even a small amount of restored control could feel enormous. That is why brain-computer interfaces are getting so much attention. They could give some patients a new way to interact with the world around them.
Neuralink has already shown what that can look like in real life. Audrey Crews, a Neuralink trial participant who has been paralyzed for years, publicly shared that she wrote her name using the implant by controlling her computer.
ELON MUSK SHARES PLAN TO MASS-PRODUCE BRAIN IMPLANTS FOR PARALYSIS, NEUROLOGICAL DISEASE
How China’s brain chip compares with Neuralink
Elon Musk’s Neuralink has attracted most of the public attention in the U.S. brain-chip race. Musk has talked openly about restoring movement, helping people communicate and one day addressing vision loss.
Neuralink received approval to begin human trials, and more than 20 people have reportedly received its implant through testing. However, it has not received broad FDA approval for general commercial use.
China’s NEO approval puts a different kind of pressure on the field. It shows that China wants to move brain-computer interface technology into its health system and build a major industry around it.
This also fits a larger pattern. China has made BCI development part of its strategic technology push. The country wants breakthroughs by 2027 and a globally competitive brain-computer interface industry by 2030.
The coin-sized NEO brain chip rests on the brain’s protective outer layer, making it less invasive than implants that pierce brain tissue. (Tsinghua University)
Why brain chip privacy is such a big concern
We already worry about phones listening, apps tracking location and smart TVs collecting viewing habits. Brain-computer interfaces take that concern to another level.
A BCI collects signals from the nervous system. Today, that may mean decoding movement intent, such as whether a patient wants to move a cursor left or right. But as the technology improves, the data could become more sensitive.
That raises some big questions. Who owns the brain data? Can it be sold, shared or used to train AI systems? Could an insurer, employer or government ever demand access? What happens if a company changes its privacy policy after the implant becomes part of someone’s daily life?
Those questions sound dramatic until you remember how many connected devices began as conveniences and turned into data pipelines.
A brain chip designed for medical help should not become another ad platform, another surveillance tool or another database waiting to be breached.
YOUR HEALTH DATA IS BEING SOLD WITHOUT YOUR CONSENT
Could hackers target brain-computer interfaces?
This is where the whole brain-chip conversation gets very serious. Any device that connects to a computer raises security questions. A brain-computer interface raises even bigger ones because it deals with signals from your body and, in some cases, the devices that help you move or communicate.
The concern here is someone getting access to neural data, device settings or the commands moving between the implant and outside equipment. Think about that for a second. If a brain chip helps someone control a robotic hand, a wheelchair or a communication device, a security failure could affect far more than privacy. It could affect that person’s independence and safety. That to me is scary.
Companies building these devices need to treat cybersecurity like part of the surgery, not some software update they figure out later. Encryption, strict access controls, medical-grade testing and clear update policies should be baked in from day one.
And because a brain implant may stay inside a person’s body for years, long-term support has to be part of the deal. No one should end up with an outdated implant in their head because a company moved on to the next big product launch.
What China’s brain chip means to you
For now, this technology is geared toward patients with serious medical needs. So, no, most of us are not lining up for a brain chip anytime soon. But this should still get your attention.
We already give up a lot of personal data through our phones, watches, cars and smart home devices. A brain implant takes that to a whole different level because the data comes from inside the body. That is about as personal as it gets.
Before this technology moves beyond hospitals and medical trials, patients need plain answers before they agree to anything. They should know who can access the data, how long it gets stored, whether it can be shared and whether it can help train AI systems.
The medical potential here is incredible. Helping someone regain control or communicate again could change a life. But the privacy protections need to be just as strong as the technology itself.
NEURALINK BRAIN IMPLANT HELPS ARIZONA MAN REGAIN CONTROL OF HIS LIFE
Brain-computer interfaces, like Neuralink, pictured here, could restore independence for some patients, but experts say neural data needs strong privacy and cybersecurity protections. (Neuralink)
Watch the CyberGuy Live replay: Lock Down Your Phone in 30 Minutes
Your phone holds your email, passwords, photos, banking apps and personal data. In this free CyberGuy Live replay, Kurt the CyberGuy walks you step by step through simple phone security fixes you can do at your own pace. You’ll learn how to improve your privacy settings, spot the latest phone scams, use trusted security tools and walk away with a simple checklist to stay protected. Watch the replay and get our checklist here: CyberGuyLive.com
Kurt’s key takeaways
China’s NEO brain chip could be a huge step forward for people living with paralysis. If this technology helps someone regain control or communicate again, that is powerful. But I also think we need to be very careful here. Once a device connects your brain signals to outside technology, the privacy stakes change fast. We are talking about data tied to your nervous system. That to me is the line we need to watch closely. Brain chips could do incredible good. But companies and governments need clear limits before this technology moves any further into everyday life. The promise is real. So are the risks. And when the data comes from inside your own head, “trust us” will never be enough.
CLICK HERE TO DOWNLOAD THE FOX NEWS APP
Would you ever consider a brain implant if it could restore movement or communication, or does the privacy risk feel too personal to accept? Let us know by writing to us at CyberGuy.com.
Sign up for my FREE CyberGuy Report
- Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox.
- For simple, real-world ways to spot scams early and stay protected, visit CyberGuy.com – trusted by millions who watch CyberGuy on TV daily.
- Plus, you’ll get instant access to my Ultimate Scam Survival Guide free when you join.
Copyright 2026 CyberGuy.com. All rights reserved.
Relativity Space, the rocket company led by former Google executive Eric Schmidt, was picked to launch NASA’s Aeolus payload to Mars in 2028, as reported earlier by TechCrunch. Under a new public-private partnership, Relativity Space will provide the “spacecraft, rocket, and cruise operations” to fly Aeolus to Mars, where the payload will “provide the first integrated, daily, global view of Martian winds, temperatures, dust, and clouds.”
The Aeolus payload will have four instruments on board for studying the Martian atmosphere, which NASA says will “directly inform entry, descent, and landing systems and support safer, more predictable mission planning for astronauts.”
Schmidt, who served as CEO of Google from 2001 to 2011, became Relativity Space’s CEO in 2025, a couple of years after it launched the “world’s first 3D-printed rocket,” Terran 1, which failed shortly after launch. Relativity Space’s larger Terran R rocket isn’t scheduled to have its first launch until later this year.
-
Colorado29 seconds agoColorado neighbors lament likely closure of Roxborough library; $22 million regional library breaks ground nearby
-
Connecticut6 minutes agoDiesel fuel spill shuts two lanes on I-91 north in Wethersfield
-
Delaware13 minutes agoDelaware history in News Journal archives June 21-27: Sussex flood
-
Florida16 minutes ago7 of our favorite Florida restaurants in Vero Beach and Fellsmere
-
Georgia21 minutes ago2 Georgia lake towns named among the South’s best places to live
-
Hawaii28 minutes agoHawaii County Surf Forecast for June 20, 2026 | Big Island Now
-
Idaho31 minutes ago‘Land back’ gift to Boise Valley tribes celebrated during annual Return of the Boise Valley People
-
Illinois36 minutes agoIllinois Tollway proposing increased tolls in 2027 to fund $26.5 billion in road construction
