A large knowledge leak from Russian meals supply service Yandex Meals revealed the supply addresses, cellphone numbers, names, and supply directions belonging to these related to Russia’s secret police, in response to findings from Bellingcat.
Yandex Meals, a subsidiary of the bigger Russian web firm, Yandex, first reported the info leak on March 1st, blaming it on the “dishonest actions” of considered one of its staff and noting that the leak doesn’t embody customers’ login data. Russian communications regulator Roskomnadzor has since threatened to wonderful the corporate as much as 100,000 rubles (~$1,166 USD) for the leak, which Reuters says uncovered the knowledge of about 58,000 customers. The Roskomnadzor additionally blocked entry to an internet map containing the info — an try to hide the knowledge of atypical residents, in addition to these with ties to the Russian navy and safety providers.
Researchers at Bellingcat gained entry to the trove of knowledge, sifting by means of it for leads on any individuals of curiosity, corresponding to a person linked to the poisoning of Russian opposition leader Alexey Navalny. By looking the database for cellphone numbers collected as a part of a earlier investigation, Bellingcat uncovered the title of the one who was involved with Russia’s Federal Safety Service (FSB) to plan Navalny’s poisoning. Bellingcat says this particular person additionally used his work electronic mail tackle to register with Yandex Meals, permitting researchers to additional confirm his id.
Researchers additionally examined the leaked data for the cellphone numbers belonging to people tied to Russia’s Essential Intelligence Directorate (GRU), or the nation’s overseas navy intelligence company. They discovered the title of considered one of these brokers, Yevgeny, and have been in a position to hyperlink him to Russia’s Ministry of Overseas Affairs and discover his car registration data.
Bellingcat uncovered some helpful data by looking the database for particular addresses as effectively. When researchers appeared for the GRU headquarters in Moscow, they discovered simply 4 outcomes — a possible signal that employees simply don’t use the supply app, or choose to order from eating places inside strolling distance as a substitute. When Bellingcat looked for FSB’s Particular Operation Middle in a Moscow suburb, nonetheless, it yielded 20 outcomes. A number of outcomes contained attention-grabbing supply directions, warning drivers that the supply location is definitely a navy base. One person informed their driver “Go as much as the three increase obstacles close to the blue sales space and name. After the cease for bus 110 as much as the top,” whereas one other stated “Closed territory. Go as much as the checkpoint. Name [number] ten minutes earlier than you arrive!”
Благодаря слитой базе «Яндекса» нашлась ещё одна квартира экс-любовницы Путина Светланы Кривоногих. Именно туда их дочь Луиза Розова заказывала еду. Квартира 400 м², стоит примерно 170 млн рублей!https://t.co/z3uGKOdQhc pic.twitter.com/tOGXOsFmRY
— Соболь Любовь (@SobolLubov) March 23, 2022
In a translated tweet, Russian politician and Navalny supporter, Lyubov Sobol, stated the leaked data even led to extra details about Russian President Vladimir Putin’s alleged “secret” daughter and former mistress. “Because of the leaked Yandex database, one other house of Putin’s ex-mistress Svetlana Krivonogikh was discovered,” Sobol stated. “That’s the place their daughter Luiza Rozova ordered her meals. The house is 400 m², price about 170 million rubles [~$1.98 million USD]!”
If researchers have been in a position to uncover this a lot data based mostly on knowledge from a meals supply app, it’s a bit unnerving to consider the quantity of knowledge Uber Eats, DoorDash, Grubhub, and others have on customers. In 2019, a DoorDash knowledge breach uncovered the names, electronic mail addresses, cellphone numbers, supply order particulars, supply addresses, and the hashed, salted passwords of 4.9 million individuals — a a lot bigger quantity than these affected within the Yandex Meals leak.