Announcing he was hacked in the past days Food basket About the Personal Data Protection Authority (KVKKThe explanation was shared by. KVKK announced how many people’s data were affected. An investigation has been initiated on the subject.
You may be interested in
Giant UK penalty for Ticketmaster who bought Biletix
According to the statement of KVKK, Yemeksepeti user 21 million 504 thousand 83 people personal data fell into the hands of attackers. It was determined that the first unauthorized access to data was made on March 18, 2021. Yemeksepeti examined this issue on March 25 and realized that it was attacked.
Yemeksepeti notified the data breach to KVKK after noticing the data leak. The data breach notification briefly included the following statements:
- A web application server of the Yemek Cart was accessed by the person or persons whose identity could not be determined by the data controller on 18.03.2021,
- Under normal circumstances, when there is an unauthorized access, a problem has been recorded on the vehicle that warns, but the unauthorized access cannot be noticed due to a malfunction
- When the alarms on 25.03.2021 are examined, a suspicious behavior is detected,
- There is an opening on a web application server belonging to the lunch box, using this opening, the application is installed and the server can be accessed by running the command,
- By creating a user on the server by the attackers, data is tried to be collected and traffic is sent to remote servers,
- İhlalden 21.504.083 the person is affected,
- It is evaluated that the personal data affected by the breach are partially determined by the data controller and that the data in question are user name, address, telephone, e-mail, password, IP information,
- It is stated that credit card or financial data are not affected, that the credit card storage service is provided by Mastercard, independent of the data controller,
- It has been stated that the relevant persons can receive information about the violation via the e-mail address [email protected]
The Personal Data Protection Board has started an investigation, but has not yet did not initiate an investigation. In the statement made, it was stated that the examination of the board is continuing. Depending on the result of the investigation, an investigation may be initiated.
What Information Was Stolen?
Yemeksepeti first of all that your credit card information is secure transferred. No, including credit card information financial information was not captured. Passwords, on the other hand, were captured in encrypted form. The stolen information is as follows:
- Ad – Soyad
- Date of birth
- Telephone numbers registered on Yemeksepet
- E-mail addresses registered in Yemeksepet
- Address information registered to Yemeksepet
- Login passwords that are not clearly visible, masked by the SHA-256 algorithm.