GonnaOrder: Misconfiguration leaks GonnaOrder data

GonnaOrder Exposes Millions of Customer Records via Unsecured Kafka Broker

A major security lapse at European food delivery platform GonnaOrder left real-time order data from thousands of customers exposed for nearly two years, according to researchers at Cybernews. The exposure stemmed from an unsecured Apache Kafka broker instance, which remained reachable from August 2022 until late last month, when the company finally secured it.

The exposed data included names, phone numbers, delivery addresses, order details, and payment information, primarily affecting customers in the UK, Belgium, Greece, and the Netherlands. While Kafka isn’t designed for long-term data storage, researchers warned that attackers could have exploited the misconfiguration by deploying a "collector" to continuously scrape sensitive information over the extended exposure period.

Cybernews highlighted the risks of such prolonged exposure, noting that leaked data—including building access codes embedded in delivery notes—could be exploited for fraud, phishing, or physical security breaches even after the instance was secured. The incident underscores the dangers of misconfigured cloud services in handling sensitive customer data.
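Added here as an illustration, not configuration taken from the page, from Cybernews or from GonnaOrder: a Kafka `server.properties` fragment showing the exposed pattern the article describes next to a hardened version. Hostnames, addresses, file paths and passwords are placeholders, and the authorizer class assumes a ZooKeeper-mode Kafka cluster.

```properties
# --- BEFORE: the kind of broker configuration that leaves data readable by anyone ---
# No TLS, no authentication, no authorizer: any client that can reach port 9092
# can list topics and consume every message, which is the "collector" scenario above.
listeners=PLAINTEXT://0.0.0.0:9092
advertised.listeners=PLAINTEXT://broker.example.com:9092
# (authorizer.class.name unset -> every principal is allowed everything)

# --- AFTER: authenticated, encrypted, ACL-enforced ---
# Bind only to the private interface; 10.0.0.5 and the hostnames are placeholders.
listeners=SASL_SSL://10.0.0.5:9093
advertised.listeners=SASL_SSL://broker.internal.example.com:9093
listener.security.protocol.map=SASL_SSL:SASL_SSL
security.inter.broker.protocol=SASL_SSL

# Clients must authenticate with SCRAM-SHA-512 credentials (created with kafka-configs.sh).
sasl.enabled.mechanisms=SCRAM-SHA-512
sasl.mechanism.inter.broker.protocol=SCRAM-SHA-512
listener.name.sasl_ssl.scram-sha-512.sasl.jaas.config=org.apache.kafka.common.security.scram.ScramLoginModule required username="kafka-broker" password="<BROKER_PASSWORD_PLACEHOLDER>";

# TLS on every connection; keystore/truststore paths and passwords are placeholders.
ssl.keystore.location=/etc/kafka/ssl/broker.keystore.jks
ssl.keystore.password=<KEYSTORE_PASSWORD_PLACEHOLDER>
ssl.key.password=<KEY_PASSWORD_PLACEHOLDER>
ssl.truststore.location=/etc/kafka/ssl/broker.truststore.jks
ssl.truststore.password=<TRUSTSTORE_PASSWORD_PLACEHOLDER>

# Deny by default: an authenticated principal still needs an explicit ACL per topic.
authorizer.class.name=kafka.security.authorizer.AclAuthorizer
allow.everyone.if.no.acl.found=false
super.users=User:kafka-broker;User:kafka-admin
```

After restarting the broker, `kafka-acls.sh --bootstrap-server <broker> --list` (with an admin client config) should show only the ACLs you granted, and an unauthenticated consumer should be refused at connection time rather than at topic level.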

Source: https://www.scworld.com/brief/misconfiguration-leaks-gonnaorder-data

GonnaOrder cybersecurity rating report: https://www.rankiteo.com/company/gonnaorder

{
  "id": "GON1767064516",
  "linkid": "gonnaorder",
  "type": "Breach",
  "date": "6/2025",
  "severity": "85",
  "impact": "4",
  "explanation": "Attack with significant impact with customers data leaks"
}

{
  "affected_entities": [
    {
      "customers_affected": "Thousands (potentially millions)",
      "industry": "Food & Beverage",
      "location": "Europe",
      "name": "GonnaOrder",
      "type": "Food Delivery Platform"
    }
  ],
  "attack_vector": "Misconfigured Kafka Broker",
  "data_breach": {
    "data_exfiltration": "Possible via prolonged data scraping",
    "number_of_records_exposed": "Millions (potential)",
    "personally_identifiable_information": "Yes",
    "sensitivity_of_data": "High",
    "type_of_data_compromised": [
      "Order information",
      "Phone numbers",
      "Ordered locations",
      "Delivery notes",
      "Payment details",
      "Names",
      "Home addresses",
      "Access codes"
    ]
  },
  "description": "Major European food delivery platform GonnaOrder had real-time order information from thousands of its customers inadvertently exposed by a Kafka Broker instance that has been unsecured since August 2022. The exposed data included orders, phone numbers, ordered locations, delivery notes, and payment details from customers in the UK, Belgium, Greece, and the Netherlands. Attackers could have compromised the misconfigured instance with a 'collector' to facilitate prolonged data scraping activities, potentially obtaining millions of customers' data, including names, phone numbers, home addresses, and order details containing private information such as access codes to enter buildings.",
  "impact": {
    "brand_reputation_impact": "Potential reputational damage due to data exposure",
    "data_compromised": "Real-time order information, phone numbers, ordered locations, delivery notes, payment details, names, home addresses, access codes",
    "identity_theft_risk": "High",
    "payment_information_risk": "High",
    "systems_affected": "Kafka Broker instance"
  },
  "post_incident_analysis": {
    "root_causes": "Misconfigured Kafka Broker instance"
  },
  "references": [
    { "source": "Cybernews" }
  ],
  "response": {
    "containment_measures": "Instance secured late last month"
  },
  "title": "GonnaOrder Kafka Broker Data Exposure",
  "type": "Data Exposure",
  "vulnerability_exploited": "Unsecured Kafka Broker instance"
}