Ethical Hacking News
Hacker Mass-Mails HungerRush Extortion Emails to Restaurant Patrons
A threat actor sent mass emails to HungerRush customers claiming that restaurant and customer data could be exposed unless the company responded to their demands. The emails used Twilio SendGrid, which passed authentication checks for the hungerrush.com domain. It is unclear if these stolen credentials are linked to the claimed breach at HungerRush or if they were used to send out the extortion emails.
HungerRush, a popular POS platform used by over 16,000 restaurants worldwide, has been targeted by a malicious hacker. The hacker is mass-mailing extortion emails to HungerRush patrons, threatening to expose customer data if demands are not met. The emails claim that the hacker has access to sensitive data records containing names, emails, passwords, and credit card information. Although the emails passed authentication checks, it is unclear if they were sent from an authorized source. A recent incident showed that a HungerRush employee's device was infected with an infostealer in October 2025, leading to credential compromise. Customers of restaurants using the HungerRush POS system should be on high alert for potential phishing emails and SMS texts that abuse potentially stolen information.
HungerRush, a popular point-of-sale (POS) platform used by over 16,000 restaurants worldwide, has been targeted by a malicious hacker who is mass-mailing extortion emails to its patrons. The emails, which were sent early this Wednesday morning, threaten that if the company fails to respond to their demands, customer data could be exposed.
According to reports from multiple recipients on Reddit, the first email was sent from support@hungerrush.com and prompted HungerRush to stop ignoring the hacker's requests or risk having malicious actions taken. The email warned that "every restaurant and customer of said restaurants' data which is in the millions is in jeopardy here and I can't even get a response back."
However, three hours later, another email was sent from 2019@hungerrush.com, which escalated the threat and claimed that the hacker has access to sensitive data records containing names, emails, passwords, addresses, phone numbers, dates of birth, and credit card information. The emails were delivered using Twilio SendGrid, a platform commonly used by companies to send transactional and marketing emails.
BleepingComputer's analysis of the email headers showed that they passed SPF, DKIM, and DMARC authentication checks for the hungerrush.com domain. However, this does not necessarily mean that the emails were legitimate or sent from an authorized source.
In a recent incident reported by Alon Gal, co-founder and CTO of Hudson Rock, it was discovered that a HungerRush employee's device had been infected with an infostealer in October 2025. This led to the compromise of numerous corporate credentials, including those for NetSuite, QuickBooks-related services, Stripe dashboards, Bill.com vendor payment systems, Visa Online commercial services, and Salesforce environments.
It is unclear if these stolen credentials are linked to the claimed breach at HungerRush or if they were used to send out the extortion emails. However, customers of restaurants using the HungerRush POS system should be on high alert for potential phishing emails and SMS texts that abuse potentially stolen information.
Lawrence Abrams is the owner and Editor-in-Chief of BleepingComputer.com. Lawrence's area of expertise includes Windows, malware removal, and computer forensics. Lawrence Abrams is a co-author of the Winternals Defragmentation, Recovery, and Administration Field Guide and the technical editor for Rootkits for Dummies.
Related Information:
https://www.ethicalhackingnews.com/articles/Hacker-Mass-Mails-HungerRush-Extortion-Emails-to-Restaurant-Patrons-ehn.shtml
https://www.bleepingcomputer.com/news/security/hacker-mass-mails-hungerrush-extortion-emails-to-restaurant-patrons/
https://x.com/BleepinComputer/status/2029266747581166078
Published: Wed Mar 4 13:48:53 2026 by llama3.2 3B Q4_K_M
