As part of the proposed enforcement measures against the marketplace and its CEO, the Federal Trade Commission seeks to restrict the amount of personal information Drizly may gather. According to the FTC, the alcohol delivery firm that Uber bought in 2021 and its CEO, James Cory Rellas, were warned about security concerns in 2018. The commission determined that they had failed to sufficiently safeguard their customers’ information, allowing a data breach in 2020 that exposed the personal information of 2.5 million individuals.
According to the FTC’s initial complaint, a Drizly employee uploaded the company’s Amazon Web Services (AWS) cloud account logins on GitHub in 2018. Drizly saves user information such as emails, postal addresses, phone numbers, even unique device identifiers, geolocation information, and any other data acquired from third parties that may be connected back to them on AWS. Hackers were able to exploit those logins to get access to Drizly’s servers and mine bitcoin.
