-
A hacker, who goes by the name NightBroker, claims to have attacked Deliware and acquired six JSON files of user data containing 1,572 users’ details and administrative settings.
-
The leaked data contains authentication tokens, OTPs, password reset (recovery) keys and Stripe API keys that would enable account takeover and payment fraud, if proven correct.
-
Deliware has not verified their claims and the hacker uploaded the initial sample of the data behind a paywall for voluntary points.
A cybercriminal using the name NightBroker claims to have breached Deliware, an Indian food delivery app. The hacker says they accessed an exposed demo administration panel and stole several databases.
The purported leak contains six JSON documents that apparently relate to users along with restaurants, orders, and promotional data. Based upon reports, user records contain user names, telephone numbers, email addresses, date of birth, gender, registration address, and geolocation details. Authentication tokens, one-time passwords, password reset tokens, and payment reference numbers have also been leaked.
One file reportedly holds Stripe API keys from the admin settings. If these keys are still active, criminals could use them to commit payment fraud.
Exposed Data Goes Beyond Basic User Information
The leaked data reportedly includes 1,572 user records, along with restaurant and order details. While this number is small compared to other breaches, the information is highly sensitive.
Customer accounts reportedly store authentication tokens and password-reset keys. Anyone with access to these could take over user accounts without needing passwords. One-time passwords and payment references also appear in the stolen files.
Similar sensitive data was reportedly exposed in a breach of Pakistan’s FoodPapa platform, where an open database leaked customer information and order details.
The threat actor notes that the data mixes test records with real customer information. This means it is unclear exactly how many genuine users the breach affected. The hacker posted sample records and a download link on a forum behind a paywall.
Stripe API Keys Create Serious Financial Risk
The presence of Stripe API keys in the alleged leak is the most concerning aspect. Payment processing keys allow access to transaction systems. If the keys are still active, attackers could process fake payments, refund transactions, or steal funds.
Security experts often warn that developers often overlook configuration files in most cases. These files can reveal API endpoints, development credentials, and integration details. Attackers can exploit this information even where there is limited customer data.
This is not the first time to witness an exposure of Stripe keys in a data breach. Security researchers have documented similar incidents where payment keys stored in logs or configuration files led to financial losses.
Deliware has Not Confirmed the Breach
Deliware has not issued any public statement about the alleged breach. The claims remain unverified at this stage.
Researchers have warned that the public should not always consider dark web posts to be reliable. This is because criminals tend to inflate the details of a crime. That said, the presence of actual sample data and all the other specifics included in the posting indicates that these claims could be valid enough to warrant further investigation.
The food delivery sector has experienced ongoing attacks from cybercriminals. One such attack occurred last year against KiranaPro, an Indian grocery company that suffered a cyber-attack that wiped all its servers and huge amounts of customer data. Criminals gained access to KiranaPro’s systems via a former employee’s login.
The Deliware case may follow a similar pattern. The hacker claims to have exploited an exposed demo administration panel. Poorly secured testing environments often become entry points for attackers.
