Snappfood promised to do its best to prevent the release of user data through negotiations with this hacking group
According to Iran digital economy annotation, Last night, a hacker group that had previously hacked Tapsi claimed to have gained access to the information of Snappfood users, couriers and sellers. This company also issued a statement and announced that they are identifying and eliminating the source of contamination caused by this hacker group in cooperation with FATA police.
In its statement, Snappfood accepted the responsibility for this incident and announced that it will conduct a detailed investigation on the reasons for its occurrence: “This hacker group has sold information before negotiating with Snappfood, and Snappfood has made every effort to prevent the release of data. Users will negotiate with this hacking group.
The company also told its users not to worry about their bank information; Because their bank card information is not stored: “All bank payment information of users, including information related to card security code (CCV), password and expiration date, is completely secure and this information is in accordance with the regulations of the Central Bank in any of the platforms. It will not be saved.”
What information did the hacker group get from Snappfood?
The hacker has claimed that they have extracted more than 20 million users including username, password, email, first and last name, mobile number, date of birth, as well as the information of more than 880 million product orders.
The hacker told that They did not report the hack to Snapp Food and directly put the information up for sale. the reason The experience of negotiating with Tapsi: “After the Tapsi incident, we decided not to negotiate with any company in the future!”
The last sample of the leaked information is dated December 10, 2023. This could possibly indicate that the information was extracted from Snap Food about 20 days ago.
On the morning of the 10th of December, the IRLeaks hacker group announced the hacking of Snappfood company’s data by publishing a post on its Telegram channel. This hacker group had hacked Tapsi’s information earlier this summer. This group has published a sample of hacked information and announced its selling price of $30,000. According to this group, the hacked information includes the following:
– Information of more than 20 million users including: username, password, email, first and last name, mobile number, date of birth, etc.
– Information of more than 51 million user addresses including: GPS location, full address, phone number, etc.
– Information on more than 180 million mobile devices, including: device type and model, platform, token, app installation store, etc.
– Information on more than 360 million orders including: orderer’s IP address, received address, received phone number, city, receiving time, first and last name, store or restaurant details, price, product, etc.
– Information of more than 35 thousand couriers including: name, surname, contact number, national code, city, etc.
– More than 600,000 order payment information including: card owner’s full name, customer’s full name, contact number, card number, bank name, etc.
– Information on more than 160 million trips made by courier, including: full name of origin and destination, address of origin and destination, phone number of origin and destination, geographic location of origin and destination, date and…
– More than 240,000 Vendor information including: full name, address, phone, email, GPS location, collection management name, etc.
– Information on more than 880 million product orders
Snapp Group CEO: We still can’t say whether the hackers were internal or external
In this regard, Mohammad Khalaj, the CEO of Snap Group, said: “We are trying to solve the problem and by issuing an announcement by Snappfood in this connection, we have focused on solving this problem.”
He added: After conducting further investigations, we can publish more detailed information about the hack.
The CEO of Snapp Group said whether the hackers were internal or external: it is not yet possible to comment on this precisely and this issue is under investigation.
Regarding the level at which users’ information has been hacked, he stated: All users’ bank payment information, including information related to card security code (CCV), password, and expiration date, is completely secure and this information is in accordance with the regulations of the Central Bank. It is not stored on any platform.
Khalaj stated: Soon and after additional information, more detailed details of the incident will be announced.
FATA police stationed at Snappfood office
Col. Ramin Pashaei, Deputy Social Cultural Officer of FATA Police said: I have to inform our dear compatriots and especially the users of this company that the technical team of FATA Police is currently stationed in the said company and is conducting technical and specialized investigations.
Pashaei said: Based on the research, Snappfood is still providing services to its users.
The Social Cultural Deputy of Fata Faraja Police stated: Considering that the said company has been evaluated and justified by the experts of this police several times this year, if any neglect and negligence is observed, the matter will be reflected to the legal authorities for follow-up.
Colonel Pashaei noted: As soon as more detailed information is obtained and the new dimensions of this unauthorized access are determined, the compatriots will be notified.
No Comment! Be the first one.