Gnavi Data Breach Exposes Over 600k Records and Manager Data

Gnavi (Gourmet Navigator, Inc.), a major Japanese online restaurant guide and booking platform based in Tokyo, has allegedly been compromised. A threat actor claims to have exfiltrated and dumped a database containing approximately 102MB of data. The leak reportedly consists of 639,434 lines of records. Gnavi, founded in 1996, is a prominent digital directory that evolved to include user reviews and reservations, and is associated with major holdings in the region.

According to the actor, the allegedly compromised database contains extensive information regarding restaurants, managers, and platform operations. The data fields identified in the sample include:

• Restaurant names and IDs

• Manager full names and email addresses

• Primary and secondary phone numbers

• Physical addresses, cities, and postal codes

• Social media handles (Facebook, Instagram, Twitter)

• Reservation platforms and order details

• Founder bios and management team details

• Review scores and counts (Google, Tabelog, TripAdvisor)