Hacker mass-mails HungerRush extortion emails to restaurant patrons

Published:

4 maart 2026 om 18:44:14

Alert date:

4 maart 2026 om 19:05:35

Source:

bleepingcomputer.com

Data Breach & Exfiltration, Enterprise Applications, Email & Messaging

Threat actors are mass-mailing extortion emails to customers of restaurants using the HungerRush point-of-sale platform. The attackers are threatening to expose restaurant and customer data if HungerRush fails to respond to their demands. This appears to be a targeted extortion campaign against the POS platform and its restaurant clients, potentially indicating a data breach or security compromise of the HungerRush system.

Technical details

Threat actor compromised HungerRush's email infrastructure and sent extortion emails to restaurant customers using Twilio SendGrid from legitimate HungerRush domains. Emails passed SPF, DKIM, and DMARC authentication checks. Infostealer logs indicate a HungerRush employee device was infected with malware in October 2025, potentially compromising corporate credentials including NetSuite, QuickBooks, Stripe, Bill.com, Visa Online, and Salesforce environments. Attacker claims access to millions of customer records containing names, emails, passwords, addresses, phone numbers, birth dates, and credit card information.

Mitigation steps:

Customers of restaurants using HungerRush POS system should be alert for potential phishing emails and SMS texts that may abuse potentially stolen information.

Affected products:

HungerRush POS platform
HungerRush online ordering system
HungerRush delivery management software
HungerRush payment processing software
Twilio SendGrid