Online takeaway service Hungryhouse has reset the passwords of thousands of its customers following an apparent data breach at a third party hosting company.
Scott Fletcher, chief executive of Hungryhouse, said: "We had no affiliation with the web hosting company that was hit by a data breach. But when our head of security noticed that a number of our customers' details appeared on the list of emails that had been breached, we took the pre-emptive step of asking them to change their passwords."
One Hungryhouse customer got in touch with The Register to say he had been told by the fast food folk this morning that 10,000 of its customers had had their passwords reset following the breach.
"They assured me that my card details were OK. I asked if it was the result of a DDoS attack, but the guy didn't know," he said.
The outfit told one customer via Twitter this morning: "Hungryhouse have [sic] ourselves re-set a number of customer's [sic] passwords as a preventative security measure against a 3rd party."
It is understood Hungryhouse will email customers today with an update.
Customers have taken to Twitter to complain:
@hungryhouse password reset invoked without my requesting it, worried about my bank card. No one answers your phones. Pls follow, dm me— Damian (@MajorDamo) November 27, 2015