Sophie Webster, Tech Times

Russia's Yandex Food suffered a massive data leak that revealed the phone numbers, delivery addresses, names, and even the delivery instructions of those associated with the country's secret police.

Yandex Food's Data Leak

According to Bellingcat, Yandex Food first reported the data leak on Mar. 1, blaming the incident on the dishonest actions of one of its employees.

The subsidiary of Yandex noted that the leak does not include the login information of its users.

Roskomnadzor, Russia's communications regulator, has since threatened to fine the company up to $1,166 for the leak.

Reuters reported that the exposed information belong to 58,000 users. The Roskomnadzor also blocked access to an online map containing the data, which is an attempt to conceal the information of the citizens, as well as those with connection to the Russian military and security services.

Also Read: Russian search giant Yandex and Facebook ink strategic content partnership

The researchers at Bellingcat got access to the trove of information and tried to look for leads on any people of interest, like those linked to the poisoning of Russian opposition leader Alexey Navalny.

By going through the database for phone numbers collected as part of a previous investigation, the researchers uncovered the name of the person who was in contact with Russia's Federal Security Service to plan the poisoning of Navalny.

The researchers said that the said person also used his work email address to register with Yandex Food.

The researchers also examined the leaked information for the phone numbers belonging to those tied to Russia's Main Intelligence Directorate, or the country's foreign military intelligence agency.

They eventually found the name of one of the agents, Yevgeny, and they were able to link him to Russia's Ministry of Foreign Affairs and find his car registration information.

Bellingcat uncovered some information by searching the database for specific addresses too. When the researchers looked for the GRU headquarters in Moscow, they found four results, which is a sign that the workers don't use the delivery app, or they choose to order from restaurants within walking distance instead.

When Bellingcat searched for FSB's Special Operation Center in a suburb in Moscow, it showed 20 results. Several results contained note-worthy delivery instructions, warning drivers that the delivery location is a military base.

Unveiled Secrets of President Putin

Russian politician and known Navalny supporter, Lyubov Sobol, tweeted that the leaked information had led to more information about Russian President Vladimir Putin's alleged secret daughter and mistress, according to The Verge.

Sobol said that due to the leaked Yandex database, another apartment of Putin's former mistress, Svetlana Krivonogikh, was found. He added that it was the area where their daughter, Luiza Rozova, ordered her meals. The apartment is worth $1.98 million.

The uncovered information based on the data from Yandex Food raised security concerns regarding the amount of information that Uber Eats, DoorDash, Grubhub and others have on its users.

In 2019, a DoorDash data breach revealed the names, phone numbers, email addresses, delivery order details, delivery addresses and passwords of over 4.9 million people, which is a significantly larger number compared to those affected by the Yandex Food data leak.

On Mar. 29, TechTimes reported that Yandex is allegedly harvesting the personal information of its users from its database.

Yandex also laid off dozens of its US-based workers over expired drivers license.

Related Article: Yandex, Google Of Russia, Files Android Antitrust Probe In The EU

This article is owned by Tech Times

Written by Sophie Webster

ⓒ 2024 TECHTIMES.com All rights reserved. Do not reproduce without permission.
Tags: Yandex Yandex Food Delivery
Join the Discussion