Snappfood, an online food delivery service in Iran, has disclosed a data breach in which personal information of millions of customers was stolen.
Snappfood facilitates users in Iran to order food from a diverse range of restaurants through its mobile app or website, subsequently having it delivered to their doorstep. It forms part of the larger Snapp group, which includes Snapp’s ride-hailing services.
In the wake of this data breach, an individual operating under the alias “irleaks” publicly disclosed a sample of the stolen data on the notorious Breach Forums, indicating the specifics of the compromised information.
The hacker claimed to have acquired an extensive trove of data exceeding 3TB. Allegedly, the stolen records include: Customer Information, Vendor Records, Payment Information,Device Data, Product Orders, Biker/Rider Details, and Trip Details
Snappfood Iran acknowledged the breach on X platform, acknowledging the issue. Snappfood’s social media representative disclosed that Iran’s Cyber Police (FATA) is actively working to identify the breach’s source.
However, the company maintains that customers’ payment data, especially card security codes (CCV), passwords, and expiration dates, remain secure and were not accessed by hackers.
The issue of Sold Out in one of the forums was that due to the uncertainty of the negotiation outcome for our team, we decided to temporarily write “sold”; But now after getting confirmation from Snapfood, we deleted the post completely.
Following the negotiations we had with the Snapfood team, the data of this collection has not and will not be sold to anyone. Snapfood’s management team showed that people’s information and brand reputation are more valuable to them than anything else.
Snappfood statement