Yes, GrubHub was hacked. Last week, on Jan 16th 2026, the food ordering platform confirmed to BleepingComputer that it had been affected by a recent data breach. A company spokesperson stated that the company is aware of an incident in which threat actors downloaded data from GrubHub systems. GrubHub has not yet confirmed what type of data was stolen by the hackers, nor whether a hacker organization is currently extorting them. However, multiple sources familiar with the matter have confirmed that GrubHub was, in fact, hit with a ransom request by the infamous ShinyHunters. And hackers are currently demanding that it pay a large sum in crypto.
The breached data likely includes the data stolen from GrubHub in February last year, when hackers accessed names, emails, and phone numbers from a third-party vendor working with GrubHub. Hackers might also be in possession of Zendesk data.
Key takeaways
- GrubHub confirmed a data breach.
- The breached data does not include financial information or order history, says the food platform.
- GrubHub advises employees and users to stay vigilant and watch for stolen data that might appear on the Dark Web.
What is the scope of the incident, and who is behind the attack?
Without naming who is behind the attack, GrubHub admitted the incident and confirmed that its team stopped the leak. And is currently working with law enforcement and cyber experts to prevent this from happening again.
Even though the food platform has not yet publicly stated what information the hackers stole, it assured its users that hackers did not compromise any financial information or order history. Experts believe the notorious ShinyHunters are behind the attack.
How does that affect its customers and employees?
It will also take some time for the company to decide whether to pay the ransom and/or risk hackers leaking company information on the dark web.
Whatever the outcome, staying vigilant must be of top priority for all users and employees of the multibillion-dollar Chicago-based company. GrubHub serves tens of millions of Americans every year and has tens of thousands of active drivers.
Data breaches happen all the time, and companies of all sizes are often among the victims. If cybercriminals see an opportunity, they attack ordinary individuals too. Anyone who uses a smartphone and a computer/Mac to perform financial transactions. Or use any form of internet banking should strongly consider installing reputable antivirus software. While such protection is not a 100% bulletproof solution against hacker attacks. It certainly provides people with another layer of protection, which often discourages hackers from targeting them. If hackers need to work hard for the buck, they would rather go spend that time targeting the bigger fish. However, bad actors don’t discriminate when the door to the treasure is wide open.