A data breach in Russia’s popular food delivery service Yandex Food exposed the personal information of 58,000 users, including those linked to the government’s secret police.
According to the findings of the Netherlands-based investigative journalism group Bellingcat, among the users affected are serving agents of Russia’s security services and military, who even ordered food to their places of work using their official email addresses.
The leak includes user emails, a large number of phone numbers, addresses, and food delivery platform orders.
“One address Bellingcat searched for is Dorozhnaya Street 56 in Moscow. This facility is linked to the Russian National Guard (Rosgvardia), which has been active in the invasion of Ukraine,” the research group said.
Researchers even gained access to a person suspected of being involved in the poisoning of jailed Russian opposition figure Alexei Navalny.
Bellingcat discovered the name of the person who communicated with Russia’s Federal Security Service (FSB) to plan Navalny’s poisoning by searching the database.
This individual “also used his work email address to register with Yandex Food, allowing researchers to further ascertain his identity”.
Yandex has blamed one of its employees for the Yandex Food hacking and subsequent data leak.
Roskomnadzor, Russia’s state media watchdog, has attempted to halt the data leak. The communications regulator has also threatened the online food delivery service with a fine of up to $1,166 for the leak.
“With increased cyber-attacks from Ukrainian and pro-Ukrainian hacker organisations, we should expect to see more government and customer databases leaked, some of which may be of use in investigating matters in the public interest,” said the research group.