Order a meal online in China, and strangers can get hold of your name, phone number and address.

That’s according to an investigation by a Beijing newspaper, detailing how user information was stolen from some of China’s biggest food delivery platforms, including Meituan and Ele.me.

The Beijing News spoke to a black market vendor who was selling personal data at 800 yuan (US$125) for every 10,000 profiles. The information includes name, gender, phone number and address of users from recent food orders. 

Users’ personal information is sold online for just a little more than 1 US cent apiece. (Picture: The Beijing News)

So how did the information got stolen? Turns out, they were leaked by delivery drivers, as well as operators that run takeaway services for restaurants.

Marketing firms and cold callers made up the majority of data buyers, who communicated through online chat groups.  

Food delivery apps are hugely popular in China. More than 343 million users across most Chinese cities have grown accustomed to these fast and cheap services -- that's roughly one in every four people in the country. 

Meituan and Ele.me say that they have notified the police and are working to improve the security of their platforms.

Users of food delivery services grew 135 million in a year, according to a CNNIC report. (Picture: AFP)

Still, the case triggered an outcry among Chinese internet users, who are becoming increasingly worried about online privacy. Many say they've been kept in the dark on how tech companies are using their personal data.

Recently, a think tank in Beijing found that some internet lenders did not include privacy agreements in their apps -- and often asked to access information that's unnecessary for operating their services.

And last year, Huawei reportedly gleaned information from WeChat messages to provide restaurant recommendations for users of its Honor Magic smartphones. The move was blasted by WeChat provider Tencent, which itself was accused of snooping on chats.

The government has been taking actions to tackle growing concerns.

In January, regulators slammed Baidu, Alibaba and news aggregator giant Bytedance over what they called weak data protection policies. Companies were warned they could face severe punishment for future violations. 

(Abacus is a unit of the South China Morning Post, which is owned by Alibaba.)