Foodpanda Data Leak Raises Alarms Over Vendor Privacy in Pakistan

KARACHI: Popular online delivery platform Foodpanda may have unintentionally exposed sensitive vendor information through an unprotected public API, raising serious privacy concerns. The discovery was made by an AI solutions architect while testing a data analysis tool focused on restaurant pricing, delivery times, and cuisines.

The expert identified an unsecured API endpoint — “pandora/vendors?country=pk” — that required no login or access restrictions. This flaw allowed anyone to access detailed information about Foodpanda vendors, including restaurant locations, cuisine types, delivery fees, owner contact details, and performance data.

“This isn’t just a technical flaw, it’s a major privacy failure,” the researcher, identified as Khan, warned. He added that such open data could be exploited by malicious actors to target restaurant owners directly or by competing delivery platforms to recruit vendors using precise marketing strategies.

Cybersecurity experts believe this incident highlights a growing problem among tech companies. Many are prioritizing rapid digital expansion and AI integration while neglecting basic data protection principles.

“Security isn’t just about encryption or firewalls,” Khan emphasized. “It starts with careful system design and understanding which data should remain private.”

Although the exposed dataset was later masked and uploaded to Kaggle for transparency, the incident has raised critical questions about Foodpanda Pakistan’s data security practices. Experts warn that similar vulnerabilities could put users and vendors at risk if left unaddressed.

So far, neither Foodpanda Pakistan nor its parent company, Delivery Hero, has issued an official statement regarding the breach. Cyber analysts say the case serves as a wake-up call for the broader tech industry, showing that even established platforms can overlook fundamental privacy safeguards.

In other news read more about Kabul Restaurant Islamabad’s Sitting Area Sealed Over Tax Evasion and ‘Anti-State Remarks’

Daily Pakistan attempted to contact Foodpanda for a comment but received no response.

Ahmer Nadeem

Ahmer is an experienced digital media journalist, equally skilled in covering parliament and breaking stories. With expertise spanning culture, politics, technology, and human interest, he brings depth and diversity to his reporting. His versatility extends to lifestyle and arts, making him a dynamic storyteller driven by accuracy, insight, and impact.