An anonymous hacker has been able to infiltrate food delivery startup InnerChef's servers, and has leaked a partial list of names, phone numbers, and email addresses used at registration to demonstrate the exploit.
Gadgets 360 confirmed the data breach by calling and verifying three of the phone numbers provided in the list by the hacker in an email. All the three users confirmed that they had used InnerChef's food delivery service.
"InnerChef is an Indian startup that got funding but despite all that, their security sucks. This funded startup doesn't care about customer data and only about money, growth, and orders," the hacker wrote in the email, which disclosed the identities of 35 InnerChef users to demonstrate the breach.
The hacker seems to have a particular axe to grind with the company, accusing InnerChef Co-Founder Rajesh Sawhney of kicking out three co-founders from the startup.
"This leak is his punishment. Baby, you can not UseNThrow [sic] people, at least till I am alive. I am not telling you where is the Blind Sql Injection bug in your modified code, I will keep that backdoor alive to maintain access. Every now and then, I will punish you for what you did. You wasted money & hard work invested in the early stage by my loved ones by showing them the way out. Now I will destroy you, everything you own, everything you are involved in, until you give up your life. You can't catch me, you can't stop me; We are legion, expect us," the email reads.
Gadgets 360 hasn't received a comment or response acknowledging our emailed queries on measures taken to stem the data breach from the company.
Founded in 2015, InnerChef had raised $1.66 million (roughly Rs. 11 crores) in pre-series A funding in September 2015. The startup delivers food and recipe boxes for easy to prepare food in Gurgaon, Delhi, Noida, Bengaluru, Chennai, Mumbai, and Hyderabad.