(NewsGlobal.com)- The delivery locations, phone numbers, identities, and delivery instructions of people linked with Russia’s secret police were disclosed in a large data dump from the Russian food delivery service Yandex Food.
The data breach was initially announced by Yandex on March 1st, with the company blaming it on bad conduct by one of its workers. They emphasized that the leak did not contain customers’ login information.
Roskomnadzor, Russia’s communications regulator, has threatened to punish the corporation up to 100,000 rubles (USD 1,166) for the breach, which unmasked the information of about 58,000 users.
Researchers at Bellingcat, a fact-checking and open-source intelligence investigative journalism organization established in the Netherlands, acquired access to the data, searching it for leads on persons of interest, such as a person related to Russian opposition leader Alexey Navalny’s poisoning.
By checking the database for phone numbers obtained as part of a previous investigation, they did indeed identify the person’s identity in contact with Russia’s Federal Security Service (FSB) that orchestrated Navalny’s poisoning. This individual also registered with Yandex Food using his work email address allowing researchers to establish his identity.
Researchers also looked for phone numbers associated with Russia’s Main Intelligence Directorate (GRU), the country’s foreign military intelligence organization, in the hacked data. They were able to track down the name of one of these operatives, Yevgeny, and link him to Russia’s Ministry of Foreign Affairs and his car registration information.
By examining the database for specific addresses, Bellingcat discovered some interesting information. Researchers found just four hits while searching for the GRU headquarters in Moscow, possibly indicating that employees either don’t use the delivery service or prefer to order from eateries within walking distance. However, Bellingcat found 20 hits while searching for the FSB’s Special Operation Center in a Moscow suburb.
Some of the results included unusual delivery instructions, such as a notice to drivers that the delivery site is a military base. “Go up to the three boom barriers by the blue booth and call,” one user instructed their driver. Another added, “Closed territory. Make your way up to the checkpoint. Ten minutes before you arrive, call!”
Lyubov Sobol, a Russian lawmaker, said the stolen material led to more details regarding Russian President Vladimir Putin’s former lover and their alleged secret daughter. Svetlana Krivonogikh, Putin’s ex-mistress, was discovered in another residence, and the daughter ordered food from that address.
Pretty scary stuff.
If researchers could uncover so much information using data from a meal delivery service, imagine how much data Uber Eats, DoorDash, Grubhub, and other services have on their customers.
