The private information of 58,000 people has been released into the wild after Yandex Eats, a popular home delivery company in Russia, suffered an internet data breach.
Yandex, a powerful digital company that develops, among other things, the most used search engine in Russia, before Google, justified the leak by “an employee’s dishonest actions”†
Fortunately for users, the leaked data does not contain any passwords or banking information. However, they contain all the details of the orders, including phone numbers, delivery addresses, emails, as well as any directions for the deliverers.
For the majority of those affected by the leak, this information is pretty harmless. In front of more sensitive profiles on the other hand, they can reveal a lot. The media specialized in open source research Bellingcat went to search on the side of the Russian intelligence services.
While searching for the number of a man who worked at the GRU, the Russian military intelligence service, the journalists realized that he was being delivered to the address of a Foreign Ministry building, which could indicate a change position, or at the very least provide information about his recent activities. Not really the kind of stuff spies want to make public.
It’s the FSB that treats
Investigating orders from the FSB’s Special Operations Center, Russia’s intelligence agency, Bellingcat also realized that secret service agents are not stingy with details. To prevent their delivery drivers from getting lost, some list their building or even floor number.
Even the absence of data provides information about the lives of spies. Where FSB agents regularly order from Yandex Eats because their headquarters is out of the way, those from the GRU whose offices are located in the heart of Moscow order much less, which would mean going to the surrounding restaurants for lunch.
It is definitely bad weather for the personal data of Russian soldiers. At the beginning of the month of March, the Ukrainian newspaper Pravda published a list with the information of 120,000 soldiers accusing the newspaper of participating in the conflict† the Hackers collective Anonymous has claimed responsibility for the attack April 3rd.
Doxing is now used as a real war tactic, to demoralize the enemy forces. Gold, as Bellingcat points outthe large collection of data desired by the Russian authorities, coupled with the rampant corruption, leaves Russia, its people, its agents and its soldiers particularly exposed to the risks of leaks and the consequences they could have.