A hacker broke into the systems of Spanish rapid-delivery startup Glovo last week, it said on Tuesday, without specifying what information might have been accessed.
Valued at over $1 billion, Barcelona-based Glovo delivers everything from food to household supplies to some 10 million users across 20 countries.
The hacker gained access to a system on April 29 via an old administrator platform but was ejected as soon as the intrusion was detected, Glovo said.
"We can confirm that no access was gained to client card data, as Glovo does not save or store such information," the company said in an emailed statement.
Media company Forbes reported earlier, citing cyber security firm Hold Security which it said found the breach, that the hacker was selling login credentials for customer and courier accounts, with the ability to change their password.
The company did not immediately respond to a request for comment on the hacker's motives. Hold Security could not immediately be reached for comment.
The attack comes less than a month after Glovo raised 450 million euros ($541 million) in funding, riding a wave of interest in delivery services, which have boomed during the COVID-19 pandemic.
With such platforms increasingly in the spotlight, regulators and governments are beginning to address working conditions and privacy issues in the so-called gig economy.
A Spanish court ruled last year that Glovo workers were employees and not freelancers, while the government is proposing legislation to give unions access to the algorithms tech companies use to manage their workforce.
(Reporting by Joan Faus. Writing by Nathan Allen. Editing by Mark Potter)