Food delivery co data leak unmasks Russian security agents

According to independent security analysts Bellingcat, a food delivery co data leak has revealed significant personal data and unmasks many Russian security agents.

The leak from online food company Yandex Eats revealed many personal details of serving agents including names, phone numbers, addresses and a list of their orders.

Whilst that is not unusual, what is in this case is that many of these individuals used work email addresses to order and even had the orders delivered to their work addresses. As a result the information, which Russia’s state media watchdog Roskomnadzor has tried desperately to block its sharing, the details of secret service agents, their whereabouts and office details have become public knowledge.

Those who have interrogated the data have apparently uncovered many leads to follow up involving corruption and other crimes. Included in the information are details regarding Russian President Vladimir Putin’s daughter and her 170 million rouble (1.823 million euros) apartment.

Bellingcat have verified the data using cross-references and links to social media, however they say much of the data is unusable or of little value.

The data includes Yandex.Food ID’s, addresses, contact details, delivery instructions, billing information and metadata. One of the addresses verified by Bellingcat is Dorozhnaya Street 56 in Moscow, a facility known to be linked to the Russian National Guard (Rosgvardia), which has been active in the invasion of Ukraine.

Another example is the request for the order to be sent to military unit 3792, and that they should call the listed number when they arrive to pick it up at the front gate. This military unit number corresponds to the 681th Special Motorised Regiment of Rosgvardia.

Interestingly the data includes map coordinates, presumably the method used by the company to deliver. This detail is highly valuable as it allows users to pinpoint locations.

Bellingcat also searched the data using known names such as the high ranking GRU officer Andrei Ilchenko. That search revealed a Ministry of Foreign Affairs’ Consular Service address. Further research into this individual through leaked Moscow oblast vehicle registration information revealed a license plate to a luxury car, which was photographed in Kyiv in 2019.

Perhaps the most beneficial use for this database (at least for Bellingcat) is to cross-reference the personal details of users with the functions of the facilities at addresses used for orders. That allows those with access to the data to find spies and soldiers.

The leak is just one of many recently that has seen a steady flow of sensitive data out of Russia, withy increased cyberattacks from Ukrainian and pro-Ukrainian hacker organisations.

As the war continues and the Russians become increasingly isolated so the data leaks like that of the food delivery co data are likely to become more common place.

Thank you for taking the time to read this article, do remember to come back and check The Euro Weekly News website for all your up-to-date local and international news stories and remember, you can also follow us on Facebook and Instagram.