# Case Study: The Foodmandu Data Breach of 2020
Published on 2020-03-08
## The Incident
In March 2020, Foodmandu faced a nightmare scenario. A hacker going by "Mr. Mugger" announced they had dumped the personal details of nearly **50,000 customers**.
The leak was extensive:
* Full Names
* Email Addresses
* Phone Numbers
* Exact Delivery Addresses
## What Went Wrong?
We never got a full, transparent post-mortem. However, looking at the patterns, this screams of a classic **Insecure Direct Object Reference (IDOR)** or a basic API enumeration flaw.
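Because no post-mortem was published, the following is an added illustration of the IDOR flaw class named above, not Foodmandu's code and not a confirmed root cause. It contrasts a lookup that trusts the requested ID with one that enforces ownership, and flags a session that requests many records it does not own; every name, record and log entry is a constructed assumption.

```python
# Added illustration of the IDOR flaw class; not Foodmandu's code.
# All records, ids and log entries below are constructed sample data.
CUSTOMERS = {
    1001: {"name": "Sample One", "email": "one@example.test",
           "phone": "000-0001", "address": "1 Constructed Road"},
    1002: {"name": "Sample Two", "email": "two@example.test",
           "phone": "000-0002", "address": "2 Constructed Road"},
    1003: {"name": "Sample Three", "email": "three@example.test",
           "phone": "000-0003", "address": "3 Constructed Road"},
}


class Forbidden(Exception):
    """Raised when the caller does not own the requested record."""


def get_customer_vulnerable(session_user_id, requested_id):
    # IDOR: the id supplied in the request is trusted and the
    # authenticated session is never consulted.
    return CUSTOMERS[requested_id]


def get_customer_hardened(session_user_id, requested_id):
    # Object-level authorization: the record must belong to the caller.
    # Checked before the lookup so existing and missing ids look the same.
    if requested_id != session_user_id:
        raise Forbidden("record does not belong to caller")
    return CUSTOMERS[requested_id]


def flag_enumeration(access_log, threshold=3):
    """Return users who requested >= threshold distinct ids not their own."""
    foreign = {}
    for session_user_id, requested_id in access_log:
        if requested_id != session_user_id:
            foreign.setdefault(session_user_id, set()).add(requested_id)
    return sorted(u for u, ids in foreign.items() if len(ids) >= threshold)


# Constructed access log: (authenticated user id, customer id requested).
SAMPLE_LOG = [
    (1001, 1001), (1002, 1002), (1003, 1001), (1003, 1002),
    (1003, 1004), (1003, 1005), (1002, 1001),
]

if __name__ == "__main__":
    print(flag_enumeration(SAMPLE_LOG))
```

The ownership check is the fix; the log check is a detection aid for the period before the fix ships and for catching regressions.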
### The A...