Founded in 2001 with the idea of ordering food online Food basketserves millions of users. The company, one of the most successful internet initiatives in our country, receives orders from tens of thousands of users every day.
Of the company from the official Twitter account According to the announcement, some of the database information was captured by hackers. A letter was issued to users about this situation.
Yemeksepeti user information fell into the hands of hackers
Your letter posted on Twitter a part of summarizes the situation: “As we detected in the morning hours of 25.03.2021, the Yemeksepeti user database was attacked by unidentified cyber hackers or hackers and a security breach occurred. Some of the account information of Yemeksepeti users was captured by pirates. “
It is our public announcement. pic.twitter.com/tIJ1ykokwx
– Yemeksepeti (@yemeksepeti) March 27, 2021
According to the details in the rest of the letter, the user information captured by hackers is as follows:
- Date of birth
- Telephone numbers registered in Yemeksepeti
- E-mail addresses registered in Yemeksepeti
- Registered home and work address information on Yemeksepeti
- Data of user passwords encrypted with SHA-256 algorithm
User passwords SHA-256 It is broken because it is encrypted with its algorithm. almost impossible. Credit card and other payment information are among the details emphasized that they are safe. Any security problem as the card information is not in Yemeksepeti’s own database, but in the remote database of MasterCard. does not exist.
What will Yemeksepeti do from now on?
The company explained this title in the letter, as it was asked to every company that was attacked by cyberattack:
Starting from 09:30 on 25.03.2021, when we first detected the possibility of circumventing the cyber security shield and data theft, we started to work with all our software and cyber security teams and security consultants on the details of the violation. After we determined that the violation was limited to the items explained in the list as a result of the work done, we quickly started working to share the information we obtained with our users, the necessary legal authorities and the public in all transparency.
It is unsafe to have date of birth and name and surname in the information obtained by hackers guessing passwords can provide. If the password you use on the platform is not strong enough, we recommend that you change it. To maximize security, you can use random password generators.
What do you think about this situation?