Brinztech Alert: The Alleged Database of Getir and BiTaksi is Leaked

Dark Web News Analysis

The dark web news reports a significant data breach affecting the on-demand economy, specifically targeting Getir (rapid grocery delivery) and BiTaksi (ride-hailing). A threat actor on a hacker forum has re-uploaded a dataset containing a sample of 200,000 customer records.

The leaked data is highly sensitive, bridging the digital and physical worlds. It reportedly includes Full Names, Physical Addresses, Phone Numbers, Email Addresses, and critical Geographical Location Data. The re-upload of this data suggests that it is circulating actively within the cybercriminal community, increasing the likelihood of widespread exploitation.

Key Cybersecurity Insights

Breaches of transportation and delivery apps are uniquely dangerous because they reveal not just who a person is, but where they are and their daily patterns:

• The Physical Stalking Threat: The exposure of Geographical Location Data and Physical Addresses is the most severe risk. For BiTaksi users, this could reveal travel history or frequent destinations. For Getir users, it reveals exactly where they live. Malicious actors can use this to profile high-net-worth individuals or stalk victims by analyzing their movement patterns.
• “Delivery Fee” Smishing: With access to Phone Numbers and knowledge of the user’s service usage, attackers can send highly credible SMS phishing (Smishing) attacks: “Your Getir order cannot be delivered due to an unpaid fee of 5 TL. Click here to pay.” The context makes the scam nearly indistinguishable from real notifications.
• Burglary Planning: Analyzing delivery frequency or taxi data can theoretically help criminals identify when a homeowner is away or traveling, creating a window for physical burglary.
• Regulatory Fallout (GDPR/KVKK): Both companies handle massive amounts of consumer data. A leak of this magnitude likely violates data protection regulations like GDPR (in Europe) or KVKK (in Turkey), exposing the companies to massive fines and class-action lawsuits.

Mitigation Strategies

To protect personal safety and account security, the following strategies are recommended:

• Mandatory Password Reset: Getir and BiTaksi should enforce an immediate global password reset for all users to prevent account takeovers.
• Address Audit: Users should check their saved addresses in the apps. If possible, avoid saving home entry codes (e.g., “Key under the mat”) in the delivery notes field, as this data may also be compromised.
• Scam Vigilance: Be extremely skeptical of any SMS claiming a delivery issue or taxi payment error. Always check the app directly rather than clicking links.
• Data Minimization: Users should review the privacy settings on their mobile devices and restrict background location access for apps that do not need it constantly.

Secure Your Business with Brinztech — Global Cybersecurity Solutions

Brinztech protects organizations worldwide from evolving cyber threats. Whether you’re a startup or a global enterprise, our expert solutions keep your digital assets safe and your operations running smoothly.

Questions or Feedback?

For expert advice, use our ‘Ask an Analyst’ feature. Brinztech does not warrant the validity of external claims. For general inquiries or to report this post, please email us: contact@brinztech.com