Grubhub Reports Cyberattack, Possible Extortion

Grubhub reports that they were hit by a cyberattack and that are now facing extortion demands from the ShinyHunters cybercrime group. 

It's unclear when the breach occurred, but BleepingComputer was told that it was through secrets/credentials stolen in the Salesloft Drift data theft attacks.

The stolen data allegedly includes older Salesforce records from February 2025 and newer information from Grubhub's Zendesk system. Grubhub uses Zendesk to run its support chat, which handles account issues and billing questions. 

The number of affected individuals is not disclosed. 

Grubhub claims the attackers did not access financial data or order histories. The company is working with outside security experts and law enforcement to handle the situation.

Experts advise any company using Salesloft or Zendesk should change their access tokens and secrets immediately. 

Update - as of 26th of January 2026,  Grubhub declared the following: "We're aware of unauthorized individuals who recently downloaded data from certain Grubhub systems," the company said. "We quickly investigated, stopped the activity, and are taking steps to further increase our security posture."

However, the company did not disclose the nature of the attack, exposed data or number of affected individuals. Users of Grubhub should reset their password and change it on all other sites where they use the same password, and be very careful of potential phishing attacks.