A data leak in Russia’s popular food delivery service Yandex Food has exposed personal information of 58,000 users, including those associated with the government’s secret police.
Among the users affected are serving agents of Russia’s security services and military who even ordered food to their places of work using their official email addresses, according to findings from Netherlands-based investigative journalism group Bellingcat.
The leak includes user emails, a large number of phone numbers, addresses and orders made on the food delivery platform.
“One address Bellingcat searched for is Dorozhnaya Street 56 in Moscow. This facility is linked to the Russian National Guard (Rosgvardia), which has been active in the invasion of Ukraine,” the research group said.
Researchers even gained access to an individual linked to the poisoning of jailed Russian opposition figure Alexei Navalny.
By searching the database, Bellingcat uncovered the name of the person who was in contact with Russia’s Federal Security Service (FSB) to plan Navalny’s poisoning.
This person “also used his work email address to register with Yandex Food, allowing researchers to further ascertain his identity”.
Yandex has blamed one of its employees for the hacking and subsequent leak of data from Yandex Food.
Russia’s state media watchdog Roskomnadzor has attempted to block the data leak. The communications regulator has also threatened to penalise the online food delivery service up to $1,166 for the leak.
“With increased cyber-attacks from Ukrainian and pro-Ukrainian hacker organisations, we should expect to see more government and customer databases leaked, some of which may be of use in investigating matters in the public interest,” said the research group.