Threat Actor Claims Breach of 17.6 Million Customer Records of US-based Meal Delivery Service

A threat actor has allegedly breached CookUnity and exposed sensitive data tied to more than 17.6 million customers. The claim surfaced on underground forums on June 1, 2026, stating that the attacker compiled two large datasets containing user and operational information.

The attacker reportedly insisted that the exploit used to access the system remains active. That claim has raised immediate concerns among cybersecurity analysts, who fear continued exposure if the issue is not contained.

Investigators have not independently verified the breach, but the scale and depth of the alleged data have already triggered widespread alarm.

Massive Dataset Allegedly Shared on Underground Forum

The attacker reportedly posted details of the database on a dark web forum and offered the data for free to anyone who engaged with the thread. Cybersecurity analysts say this tactic helps attackers spread stolen data quickly while maximizing reputational damage to the affected company.

The exposed dataset allegedly contains customer names, email addresses, and full residential information, including unit numbers, cities, states, postal codes, and countries. Reports also indicate the presence of precise geolocation data, with latitude and longitude coordinates linked to individual users.

The breach appears to go beyond personal data. The attacker allegedly accessed logistics and delivery records, including order IDs, item quantities, shipment tracking details, and even driver-related information.

Internal system markers, such as validation flags and warning indicators, also surfaced in the dataset, which suggests deep penetration into backend systems.

Surge in Global Cyber Incidents Raises Concern

Security experts continue to warn that cyberattacks are increasing in both frequency and complexity. Attackers now rely on methods such as phishing, ransomware, and weak authentication exploits to gain access to systems.

Several recent incidents highlight this trend. In late May, GitHub confirmed a breach that affected roughly 4,000 developer repositories, with links to the TeamPCP threat group. According to reports, the attackers planned to sell the stolen source code instead of demanding ransom.

Earlier in the same month, Open Loop Health disclosed a breach that impacted more than 716,000 individuals and exposed sensitive medical and personal information.

Around that period, Instructure also suffered multiple intrusions linked to the ShinyHunters group, forcing the company to pay a ransom after losing critical data.

These incidents show that attackers are targeting organizations across industries, with no clear limitation on size or sector.

Food delivery is one of the sectors being hit. Pakistan’s FoodPapa platform recently suffered an alleged data leak via an open database, demonstrating that these attacks span global markets.

Business Risks and Ongoing Exposure Fears

Cybersecurity analysts warn that breaches of this magnitude can trigger severe financial and operational consequences. Companies often face millions in losses, along with legal scrutiny and long-term reputational damage.

The CookUnity case highlights the risks tied to storing extensive customer and operational data without strong safeguards. The reported inclusion of geolocation and delivery personnel data introduces additional safety concerns, extending beyond identity theft.

Experts urge organizations to adopt stronger defenses, including multi-factor authentication, regular system audits, and staff training against social engineering attacks. These measures remain critical as cyber threats continue to evolve.

CookUnity has not released an official statement regarding the claims at the time of writing. Customers and stakeholders continue to monitor the situation closely as more details emerge about what could become one of the most significant data exposure incidents in the food delivery sector this year.