A hacker compromised systems of Spanish rapid-delivery startup Glovo and reportedly attempted to sell stolen credentials of its customers and distributors on the Internet.

Glovo is a Barcelona-based company that delivers everything from food to household supplies to some 10 million users across 20 countries.

According to the company, the security breach took place on April 29 when a hacker gained access to its systems via an old administrator platform, and the attack was blocked as soon as it was detected.

“We can confirm that no access was gained to client card data, as Glovo does not save or store such information,” Glovo said.

The hack came to light earlier this week when Forbes reported that a hacker was selling access to Glovo customer and courier accounts, with the ability to change their passwords. The breach was discovered by the cybersecurity firm Hold Security that found screenshots and videos from a hacker showing off access to the computers used to manage Glovo accounts.

Glovo said it has contacted the Agencia Española de Protección de Datos (AEPD), Spain’s data protection authority, over the incident and that the data was “only accessible via a successful log-in by an account with sufficient permissions. All personal data at rest in our systems is encrypted.”