An Iranian hacking group, called IR Leaks, has claimed responsibility for a cyberattack on Snapp Food, the country's largest food delivery app.
The hackers boast access to the personal details of over 20 million users, exposing a vast trove of sensitive information.
The compromised data, reportedly up for sale at $30,000, includes usernames, passwords, email addresses, full names, and mobile numbers. Furthermore, the hackers claim to possess detailed information on over 51 million user addresses, complete with GPS coordinates and phone numbers.
The hackers have also released a sample of the data to validate their claims.
In an exclusive interview with the Digiato website, the hackers emphasized their decision not to inform Snapp Food's management before going public with the hack. Snapp Food, acknowledging the breach, issued a press release stating, "Initially, in collaboration with the Cyber Police, we are identifying and eliminating the source of contamination caused by the actions of this hacking group."
This is not the first time the hacking group has targeted a prominent Iranian service. In September, they reported a breach on the ride-hailing service Tapsi, affecting more than 33 million users. The hackers claimed to have engaged in negotiations with Tapsi's management for two weeks before making the breach public. However, the company refused to meet the hackers' demand of $35,000.
The recurrent nature of such incidents in Iran highlights the absence of stringent laws and penalties for negligence in safeguarding private information. The lack of user rights, including the inability to request the deletion of personal data, underscores the urgency for regulatory reforms to address the growing threat of information leaks in the country.