An Iranian hacker group called IR Leaks has claimed responsibility for a cyber attack on Snapp Food, the country’s largest food delivery app.
The hacker boasts access to the personal information of over 20 million users, exposing a vast trove of sensitive information.
The compromised data includes usernames, passwords, email addresses, full names, and mobile phone numbers, and is reportedly up for sale for $30,000. Additionally, the hacker claims that he is in possession of details about over 51 million users’ addresses, including GPS coordinates and phone numbers.
The hackers also released samples of data to verify their claims.
In an exclusive interview on the Digiato website, the hackers highlighted their decision not to notify Snapp Food’s management before making the hack public. Snapp Food acknowledged the breach and issued a press release saying, “We are initially working with cyber law enforcement to identify and eliminate the source of contamination caused by the actions of this hacking group.”
This is not the first time this hacker group has targeted a prominent Iranian service. In September they Reported a breach at ride-hailing service Tapsi, affecting over 33 million users. The hackers claimed that they negotiated with Tapsi management for two weeks before disclosing the breach. However, the company refused to comply with the hackers’ demand for $35,000.
The recurrence of such incidents in Iran highlights the lack of strict laws and penalties for negligence in protecting personal information. The lack of user rights, including the inability to request deletion of personal data, highlights the urgency for regulatory reform to address the growing threat of data breaches in the country.