Grubhub has confirmed a data breach where hackers accessed its systems, leading to extortion demands from the ShinyHunters cybercrime group. While the company stated that sensitive data, such as financial information or order history, was not compromised, they have not disclosed when the breach occurred or whether customer data was involved. Grubhub is working with a cybersecurity firm and has notified law enforcement, but remains tight-lipped about further details. Sources suggest that the hackers are demanding Bitcoin payments to prevent the release of data stolen from Grubhub's Salesforce and Zendesk systems. The breach likely originated from stolen credentials linked to a broader cyber attack on Salesloft that took place in August 2025. During that incident, hackers exploited OAuth tokens to access sensitive data across multiple platforms, including AWS access keys and other credentials. ShinyHunters has claimed responsibility for stealing about 1.5 billion records from various companies, raising concerns about the ongoing risk posed by previously compromised data.