Yandex Food, a popular food delivery service in Russia, has faced a cyber security incident that exposed personal information of 58,000 users.
The leaked personal information also includes data associated with the Russian government’s secret police.
Among the users affected are serving agents of Russia’s security services and military who even ordered food to their places of work using their official email addresses, according to findings from Netherlands-based investigative journalism group Bellingcat.
The leak includes user emails, a large number of phone numbers, addresses and orders made on the food delivery platform.
Yandex said on March 1 its Yandex.Eda service had succumbed to a data leak. “The leak did not affect users’ banking, payment and registration details, that is to say logins and passwords. This data is safe,” Yandex said. Yandex also apologized to those affected by the cyber security issue.
Reuters reported that people recently took to Twitter and Telegram to voice their feelings, some criticizing the company and threatening legal action, others urging people to improve their online security in the wake of the leak by downloading Virtual Private Networks (VPN).
“One address Bellingcat searched for is Dorozhnaya Street 56 in Moscow. This facility is linked to the Russian National Guard (Rosgvardia), which has been active in the invasion of Ukraine,” the research group said.
Researchers even gained access to an individual linked to the poisoning of jailed Russian opposition figure Alexei Navalny.
Bellingcat uncovered the name of the person who was in contact with Russia’s Federal Security Service (FSB) to plan Navalny’s poisoning.
This person also used his work email address to register with Yandex Food, allowing researchers to further ascertain his identity.
Yandex has blamed one of its employees for the hacking and subsequent leak of data from Yandex Food.
Russia’s media watchdog Roskomnadzor has attempted to block the data leak. The communications regulator has also threatened to penalise the online food delivery service up to $1,166 for the leak.
“With increased cyber-attacks from Ukrainian and pro-Ukrainian hacker organizations, we should expect to see more government and customer databases leaked, some of which may be of use in investigating matters in the public interest,” said the research group.
