Sbarro, HungerRush and Jet’s Pizza: Hacker mass-mails HungerRush extortion emails to restaurant patrons

HungerRush POS Platform Targeted in Extortion Attack Affecting Thousands of Restaurants

Customers of restaurants using the HungerRush point-of-sale (POS) platform reported receiving extortion emails from a threat actor, warning that sensitive data could be exposed if the company fails to respond. HungerRush, which serves over 16,000 restaurants including chains like Sbarro, Jet’s Pizza, and Hungry Howie’s provides POS, online ordering, and payment processing systems.

The attack began early Wednesday morning, with the threat actor sending emails from support@hungerrush.com and later 2019@hungerrush.com, demanding action or risking the exposure of restaurant and customer data. The second email claimed the attacker had access to millions of records, including names, emails, passwords, addresses, phone numbers, birthdates, and credit card details.

Analysis of the email headers revealed they were sent via Twilio SendGrid, a platform HungerRush uses for transactional emails, and passed SPF, DKIM, and DMARC authentication checks, suggesting the attacker may have compromised legitimate infrastructure. The emails originated from o10.e.hungerrush.com, a domain linked to SendGrid’s services.

Alon Gal, CTO of Hudson Rock, reported that infostealer malware infected a HungerRush employee’s device in October 2025, stealing credentials for NetSuite, QuickBooks, Stripe, Bill.com, Visa Online, and Salesforce. While it remains unclear if these stolen credentials are directly tied to the breach, the incident raises concerns about potential unauthorized access.

HungerRush has not confirmed whether the emails indicate a confirmed breach or system compromise. Customers of affected restaurants are advised to remain vigilant for phishing attempts leveraging the potentially exposed data.

Source: https://www.bleepingcomputer.com/news/security/hacker-mass-mails-hungerrush-extortion-emails-to-restaurant-patrons/

Sbarro cybersecurity rating report: https://www.rankiteo.com/company/sbarro

HungerRush cybersecurity rating report: https://www.rankiteo.com/company/hungerrush

Jets Pizza Inc cybersecurity rating report: https://www.rankiteo.com/company/jets-pizza-inc

"id": "SBAHUNJET1772655860",
"linkid": "sbarro, hungerrush, jets-pizza-inc",
"type": "Cyber Attack",
"date": "10/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"

{'affected_entities': [{'customers_affected': '16,000+ restaurants (e.g., '
                                              'Sbarro, Jet’s Pizza, Hungry '
                                              'Howie’s)',
                        'industry': 'Technology, Hospitality, Payment '
                                    'Processing',
                        'name': 'HungerRush',
                        'size': 'Serves over 16,000 restaurants',
                        'type': 'POS Platform Provider'}],
 'attack_vector': 'Compromised infrastructure (Twilio SendGrid), Infostealer '
                  'malware',
 'customer_advisories': 'Customers of affected restaurants advised to remain '
                        'vigilant for phishing attempts',
 'data_breach': {'number_of_records_exposed': 'Millions (claimed by threat '
                                              'actor)',
                 'personally_identifiable_information': 'Names, emails, '
                                                        'passwords, addresses, '
                                                        'phone numbers, '
                                                        'birthdates',
                 'sensitivity_of_data': 'High (PII, credit card details)',
                 'type_of_data_compromised': 'Personal data, Payment '
                                             'information'},
 'date_detected': 'early Wednesday morning',
 'description': 'Customers of restaurants using the HungerRush point-of-sale '
                '(POS) platform reported receiving extortion emails from a '
                'threat actor, warning that sensitive data could be exposed if '
                'the company fails to respond. The attack involved emails sent '
                'from compromised HungerRush infrastructure, claiming access '
                'to millions of records including personal and payment '
                'information.',
 'impact': {'brand_reputation_impact': 'Potential brand reputation damage due '
                                       'to data exposure threat',
            'data_compromised': 'Names, emails, passwords, addresses, phone '
                                'numbers, birthdates, credit card details',
            'identity_theft_risk': 'High',
            'payment_information_risk': 'High',
            'systems_affected': 'HungerRush POS platform, online ordering, '
                                'payment processing systems'},
 'initial_access_broker': {'entry_point': 'Infostealer malware on employee '
                                          'device',
                           'high_value_targets': 'NetSuite, QuickBooks, '
                                                 'Stripe, Bill.com, Visa '
                                                 'Online, Salesforce '
                                                 'credentials'},
 'investigation_status': 'Ongoing',
 'motivation': 'Extortion, Data exposure threat',
 'post_incident_analysis': {'root_causes': 'Infostealer malware infection on '
                                           'employee device (October 2025), '
                                           'potential unauthorized access via '
                                           'stolen credentials'},
 'recommendations': 'Customers advised to remain vigilant for phishing '
                    'attempts leveraging potentially exposed data',
 'references': [{'source': 'Hudson Rock (Alon Gal, CTO)'}],
 'title': 'HungerRush POS Platform Targeted in Extortion Attack Affecting '
          'Thousands of Restaurants',
 'type': 'Extortion'}