HungerRush extortion campaign targets restaurant customers
Summary
Hide ▲
Show ▼
A threat actor is mass-emailing restaurant patrons using the HungerRush POS platform, claiming to have access to customer and restaurant data. The attacker demands a response from HungerRush or threatens to expose the data. The emails were sent using Twilio SendGrid, a service previously used by HungerRush for legitimate communications. The attacker claims to have access to millions of customer records, including names, emails, passwords, addresses, phone numbers, dates of birth, and credit card information. HungerRush has not confirmed a breach, but customers are advised to be vigilant for potential phishing attempts.
Timeline
-
04.03.2026 20:44 1 articles · 3h ago
HungerRush customers receive extortion emails from threat actor
A threat actor began sending extortion emails to restaurant patrons using the HungerRush POS platform early Wednesday morning. The emails claim to have access to millions of customer records and threaten to expose the data if HungerRush does not respond. The emails were sent using Twilio SendGrid, a service previously used by HungerRush for legitimate communications. Infostealer logs suggest a HungerRush employee's device was infected in October 2025, leading to the compromise of corporate credentials.
Show sources
- Hacker mass-mails HungerRush extortion emails to restaurant patrons — www.bleepingcomputer.com — 04.03.2026 20:44
Information Snippets
-
HungerRush is a restaurant technology provider with over 16,000 clients, including Sbarro, Jet's Pizza, and Hungry Howie's.
First reported: 04.03.2026 20:441 source, 1 articleShow sources
- Hacker mass-mails HungerRush extortion emails to restaurant patrons — www.bleepingcomputer.com — 04.03.2026 20:44
-
The attacker sent extortion emails from [email protected] and [email protected], using Twilio SendGrid.
First reported: 04.03.2026 20:441 source, 1 articleShow sources
- Hacker mass-mails HungerRush extortion emails to restaurant patrons — www.bleepingcomputer.com — 04.03.2026 20:44
-
The emails passed SPF, DKIM, and DMARC authentication checks for the hungerrush.com domain.
First reported: 04.03.2026 20:441 source, 1 articleShow sources
- Hacker mass-mails HungerRush extortion emails to restaurant patrons — www.bleepingcomputer.com — 04.03.2026 20:44
-
Infostealer logs suggest a HungerRush employee's device was infected in October 2025, leading to the compromise of corporate credentials.
First reported: 04.03.2026 20:441 source, 1 articleShow sources
- Hacker mass-mails HungerRush extortion emails to restaurant patrons — www.bleepingcomputer.com — 04.03.2026 20:44
-
Stolen credentials include access to NetSuite, QuickBooks, Stripe, Bill.com, Visa Online, and Salesforce environments.
First reported: 04.03.2026 20:441 source, 1 articleShow sources
- Hacker mass-mails HungerRush extortion emails to restaurant patrons — www.bleepingcomputer.com — 04.03.2026 20:44