{
	"id": "d1ab8a6c-c06c-4cc9-8464-e9dc1f0bd249",
	"created_at": "2026-04-06T00:06:10.357867Z",
	"updated_at": "2026-04-10T03:33:20.855187Z",
	"deleted_at": null,
	"sha1_hash": "8a26fe30515f9321d3860f8a066253d38026b858",
	"title": "Iranian Food Delivery Giant Snappfood Cyber Attack: 3TB of Data Stolen",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 201971,
	"plain_text": "Iranian Food Delivery Giant Snappfood Cyber Attack: 3TB of\r\nData Stolen\r\nPublished: 2024-01-02 · Archived: 2026-04-05 13:15:13 UTC\r\nA hacker or hacker group, identified as “irleaks” (presumably indicating Iran Leaks), publicly disclosed the\r\nSnappfood cyber attack on Breach Forums and Telegram over New Year’s Eve.\r\nSnappfood, a prominent online food delivery service in Iran, has fallen victim to a major data breach, during\r\nwhich cybercriminals stole personal information of millions of customers, Hackread.com can confirm.\r\nOperating similarly to other food delivery platforms, Snappfood lets users in Iran conveniently order food\r\nfrom a diverse range of restaurants through its mobile app or website and have it delivered to their\r\ndoorstep. It forms part of the larger Snapp group, which includes Snapp’s ride-hailing services.\r\nIn the wake of this data breach, an individual operating under the alias “irleaks” (presumably indicating Iran\r\nLeaks) publicly disclosed a sample of the stolen data on the notorious Breach Forums, indicating the specifics of\r\nthe compromised information.\r\nAs seen by Hackread.com, the hacker claimed to have acquired an extensive trove of data exceeding 3TB.\r\nAllegedly, the stolen records include:\r\n1. Customer Information: Details of over 20 million customers, including usernames, password hashes,\r\nemail addresses, full names, dates of birth, and phone numbers.\r\n2. Vendor Records: Records of 240,000 vendors, featuring names, addresses, phone numbers, email\r\naddresses, GPS locations, and managers’ names.\r\n3. Payment Information: Payment details of over 600,000 customers, incorporating card owner names,\r\ncustomer full names, phone numbers, card numbers, and bank names.\r\n4. Device Data: Data from 180 million devices, including device types, platforms, tokens, and store names.\r\n5. 
Product Orders: The hacker claims to have accessed more than 880 million product order records.\r\n6. Orders: Apparently, 360 million order details, encompassing IP addresses, delivery addresses, delivery\r\nphone numbers, city, time, customer full names, vendor details, and prices, were compromised.\r\n7. Biker/Rider Details: The breach also affected the details of the bikers or riders responsible for order\r\ndelivery, with 35,000 records, including full names, phone numbers, national ID card details, and cities,\r\nbeing stolen.\r\n8. Trip Details: The breach allowed “irleaks” to extract trip-related information, comprising 130 million\r\nrecords containing source names, addresses, GPS locations, phone numbers, destinations, and addresses.\r\nhttps://www.hackread.com/iranian-food-delivery-snappfood-cyber-attack/\r\nPage 1 of 4\n\nirleaks’ post on Breach Forums (Screenshot credit: Hackread.com)\r\nSnappfood Acknowledges the Data Breach\r\nWhile the official Snappfood Iran website was inaccessible at the time of writing this article, on December 31,\r\n2023, the company publicly acknowledged the breach on Twitter (now X). Snappfood’s\r\nsocial media representative disclosed that Iran’s Cyber Police (FATA) is actively working to identify the breach’s\r\nsource.\r\nHowever, the company maintains that customers’ payment data, especially card security codes (CCV), passwords,\r\nand expiration dates, remain secure and were not accessed by hackers.\r\nAgreement between Snappfood and “irleaks”?\r\nIn a subsequent tweet on January 1, 2024, Snappfood claimed that an agreement had been reached with the hacker\r\ngroup, preventing the sale or leakage of the data online. 
While the specifics of the agreement remain undisclosed,\r\nSnappfood’s claim appears substantial, given that the hacker group had deleted their post from Breach Forums and\r\nremoved the sample link previously shared on the forum and their Telegram channel at the time of writing.\r\nAdditionally, a post from the hackers on their Telegram channel confirms the agreement and outlines the next\r\nsteps for the affected company and customers. The following content has been translated using Google Translate:\r\nThe issue of Sold Out in one of the forums was that due to the uncertainty of the negotiation outcome\r\nfor our team, we decided to temporarily write “sold”; But now after getting confirmation from\r\nSnapfood, we deleted the post completely.\r\nFollowing the negotiations we had with the Snapfood team, the data of this collection has not and will\r\nnot be sold to anyone. Snapfood’s management team showed that people’s information and brand\r\nreputation are more valuable to them than anything else.\r\nirleaks\r\nTelegram post by irleaks confirming the agreement – Screenshot credit: Hackread.com\r\nNevertheless, if both parties adhere to their agreement, it could be deemed a positive outcome for the company\r\nand its customers. 
Hackread.com has reached out to the hackers for a potential interview about the data breach,\r\nand this article will be updated accordingly if they respond.\r\nWho is “irleaks”?\r\nThe identity of “irleaks” remains unknown, but the group is known for communicating in the Persian language.\r\nThis is the same group that, in August 2023, was selling insurance data of Iranian citizens on the well-known\r\nprivate Russian hacker forum Exploit.in.\r\nScreenshot credit: Hackread.com\r\nIran and Cyber Attacks\r\nThis incident is not the first instance of a high-profile company like Snappfood falling victim to a data breach. In\r\nApril 2019, TAP30 (now TAPSI) exposed its database, revealing the personal details of millions of drivers and\r\ncustomers. Additionally, in May 2021, the Raychat app, a popular Iranian social and business messaging platform,\r\nwas hacked, resulting in the leakage of data from more than 150 million users.\r\nSource: https://www.hackread.com/iranian-food-delivery-snappfood-cyber-attack/",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"MISPGALAXY",
		"Malpedia"
	],
	"references": [
		"https://www.hackread.com/iranian-food-delivery-snappfood-cyber-attack/"
	],
	"report_names": [
		"iranian-food-delivery-snappfood-cyber-attack"
	],
	"threat_actors": [
		{
			"id": "99c72af2-9b8a-412d-840b-09a9d54dec81",
			"created_at": "2024-09-20T02:00:04.583095Z",
			"updated_at": "2026-04-10T02:00:03.699949Z",
			"deleted_at": null,
			"main_name": "IRLeaks",
			"aliases": [],
			"source_name": "MISPGALAXY:IRLeaks",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		}
	],
	"ts_created_at": 1775433970,
	"ts_updated_at": 1775792000,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/8a26fe30515f9321d3860f8a066253d38026b858.pdf",
		"text": "https://archive.orkl.eu/8a26fe30515f9321d3860f8a066253d38026b858.txt",
		"img": "https://archive.orkl.eu/8a26fe30515f9321d3860f8a066253d38026b858.jpg"
	}
}