A threat actor has allegedly leaked a database containing 139,123 user records from HeyFood, a popular food delivery and marketplace platform based in Nigeria. HeyFood is a significant player in the African food-tech industry, providing a digital application that connects restaurants with customers and delivery drivers in various Nigerian cities. The alleged breach was announced on a hacking forum, where the data was posted for other members to access.
The compromised dataset allegedly contains a wide range of personally identifiable information (PII) affecting customers, vendors (restaurants), and drivers registered on the platform. The leak exposes sensitive details that could be exploited by malicious actors for phishing campaigns, identity theft, and other fraudulent activities. While the passwords included in the dump were reportedly hashed using bcrypt, the exposure of other personal data still poses a significant risk to affected individuals.
The leaked data allegedly includes the following information:
- Full Names
- Phone Numbers
- Email Addresses
- Dates of Birth
- Hashed Passwords (bcrypt)
- Account Join Dates
- User roles (Vendor, Consumer, Driver)
- Referral Codes
