Extortion Emails Target Restaurants Using HungerRush POS After Vendor Account Compromise

By Ash K
Extortion Emails Target Restaurants Using HungerRush POS After Vendor Account Compromise

Restaurants using the HungerRush point-of-sale platform have been hit with a wave of extortion emails from a threat actor claiming to possess millions of customer records. The messages warned that sensitive data would be publicly exposed unless victims complied with payment demands.

HungerRush says the campaign stemmed from compromised credentials belonging to a third-party vendor account that had access to the company’s email marketing platform. The company maintains that the attacker’s claims of massive data exposure are inaccurate.

Extortion Campaign Targets Restaurant Operators

According to reports from affected businesses, the emails alleged that attackers had infiltrated HungerRush systems and obtained large volumes of customer data tied to restaurants using the platform. Recipients were warned that the information would be released publicly if payment demands were not met.

Such tactics are increasingly common in cybercrime operations, where threat actors rely on intimidation and exaggerated claims to pressure organizations into paying quickly.

Compromised Vendor Credentials Identified

HungerRush says its investigation determined that the attacker did not breach the core POS infrastructure. Instead, the campaign originated from a third-party vendor account whose credentials had been compromised.

The attacker used those credentials to gain access to the company’s email marketing service, allowing them to send messages directly to restaurant customers or mailing lists associated with the platform.

Once the activity was discovered, the affected account was immediately disabled.

Company Disputes Data Exposure Claims

HungerRush has stated that it has found no evidence that sensitive financial or personal customer data was accessed or exfiltrated as part of the incident. The company says the threat actor’s claims about large-scale data theft appear to be misleading.

Nonetheless, even limited access to communication tools can create reputational risk for service providers, particularly when attackers impersonate trusted platforms to contact customers directly.

Law Enforcement Notified

The company confirmed that it has reported the incident to law enforcement authorities and is cooperating with the investigation. Affected restaurant clients have also been notified about the situation.

Incidents involving compromised marketing platforms are becoming increasingly visible because attackers can quickly reach thousands of recipients through legitimate communication channels.

Growing Risk From Third-Party Access

The case highlights a broader cybersecurity challenge facing technology providers and service platforms: third-party access. Vendors and partners often require credentials to support operations, marketing, or customer services.

If those accounts are compromised, attackers can leverage them to impersonate legitimate communications, distribute phishing messages, or launch extortion campaigns without ever breaching the primary system itself.

For organizations operating digital platforms, strict vendor access controls, multi-factor authentication, and monitoring of external accounts are becoming essential safeguards.

While HungerRush says its systems remain secure, the incident illustrates how attackers increasingly target indirect pathways—such as marketing tools and vendor accounts—to create disruption and pressure victims through intimidation.

Ash K
Ash K
Ashton is a seasoned Cybersecurity Professional with over 25 years of experience in Cybersecurity Research, Cybersecurity Incident response, Products and Security Solutions architecture.