Russian tech giant Yandex has blamed one of its employees for the hacking and subsequent leak of data from Yandex Food, a popular food delivery service in Russia. Among the many users affected are serving agents of Russia’s security services and military, who in several cases even ordered food to their places of work using their official email addresses. This leak includes user emails, a large number of phone numbers, addresses, and orders made on the platform. Russia’s state media watchdog Roskomnadzor has strongly attempted to block its proliferation. Some investigators have already uncovered leads for investigations into corruption from this data leak, namely the 170 million ruble (~$2 million USD) apartment of Russian president Vladimir Putin’s reported “secret daughter”. Bellingcat has analysed the data to verify its authenticity and uncover new investigative leads. By cross-referencing data points within this leak to independent sources including social media profiles and other leaked databases, we can confirm that it is indeed authentic. However, as with most data leaks, the vast majority of this information does not have legitimate research purposes, therefore we are not linking to the data itself. Personal details have been obscured in screenshots throughout this article. We have only used this leak to explore further information about the subjects of previous investigations – many of whom are members of Russia’s security services and military. What’s in the leak? The main part of the data leak includes order information, along with some personal information collected from the user. These include their Yandex.Food ID, address, contact details, delivery instructions, billing information and metadata. (…) During our investigation into the poisoning of Alexey Navalny by a team of FSB officers, we analysed numerous calls made by phone numbers linked to those carrying out and planning the operation. One number which surfaced quite often was to a research institute in Dubna, a northern Moscow suburb. We were unable to identify the owner of this phone number until searching for it within the Yandex.Food leak, which revealed the name of this person, who frequently spoke with the FSB officers planning Navalny’s poisoning. It is unclear exactly what role this person had with the organization and execution of Navalny’s poisoning, but he was on the phone with one of the FSB team members on the night of the poisoning and the following morning when Navalny was rerouted to Omsk. What’s more, he used his work email address when registering for the service, making it clear that this is the same person and not just a recycled phone number with a new owner. Military and security service identities Perhaps the most obvious use for this database (at least for Bellingcat) is to cross-reference the personal details of users with the functions of the facilities at addresses used for orders — in other words, to find spies and soldiers.
via bellingcat: Food Delivery Leak Unmasks Russian Security Agents