Dark Web News Analysis
A threat actor on a known cybercrime forum is advertising the alleged sale of a database from the ride-sharing and mobility company Cabify. This claim, if true, represents a critical, large-scale data breach impacting the company’s drivers and, potentially, its customers.
The listing, posted this week (Week 47, November 2025), offers a database of over 430,000 records.
This is not a simple PII leak. The seller claims the data is exceptionally sensitive and includes:
- Full PII (Usernames, Full Names, Emails, Phone Numbers, Addresses)
- Identity IDs (e.g., National ID numbers)
- Driver’s License IDs
- License Expiration Dates
My analysis confirms that Cabify’s driver onboarding process does require the verification of ID documents and driver’s licenses, making it highly plausible this data exists within their systems. The exposure of this “goldmine” dataset provides a complete, one-stop toolkit for criminals to commit mass identity theft, financial fraud, and sophisticated social engineering.
Key Cybersecurity Insights
This alleged data breach presents a critical and immediate threat:
- Extensive PII & Identity Document Exposure: The dataset contains highly sensitive PII, including official identity and license details, making affected individuals extremely vulnerable to identity theft, financial fraud, and sophisticated social engineering attacks.
- Significant User Impact: With over 430,000 records, a large user base (likely drivers) is compromised, magnifying the potential for widespread abuse of the leaked data and increasing regulatory scrutiny.
- High Risk of Account Takeover (ATO) & Credential Stuffing: The presence of usernames and email addresses, potentially combined with fbAccountKitId, facilitates credential stuffing attacks if users reuse passwords, leading to ATO across multiple platforms.
- Severe Regulatory and Reputational Consequences: A breach of this scale, particularly involving sensitive ID documents, carries substantial risks of significant regulatory fines (especially under GDPR, as Cabify is a Spanish company) and severe damage to Cabify’s brand reputation and user trust.
Mitigation Strategies
In response to this claim, the company and all affected individuals must take immediate action:
- Immediate Incident Response & Forensic Investigation: Launch a comprehensive incident response to identify the breach’s root cause, scope, and impact, and implement containment measures to prevent further data exfiltration.
- Mandatory Password Reset and MFA Enforcement: Force a password reset for all potentially affected Cabify user accounts and strongly encourage or enforce multi-factor authentication (MFA) to mitigate account takeover risks from leaked credentials.
- Enhanced Monitoring for Credential Stuffing and Phishing Campaigns: Implement advanced monitoring solutions to detect and block login attempts using leaked credentials and proactively scan for phishing campaigns targeting Cabify users based on the exposed email addresses.
- Data Minimization and Encryption Review: Conduct an internal audit of data retention policies to ensure only essential data is collected and stored. Additionally, review and strengthen encryption protocols for all sensitive customer data both at rest and in transit.
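The password-reset and credential-stuffing-monitoring steps above can be made concrete with a small detection pass over authentication logs. The following is an added example written for this post; it is not code from Brinztech or Cabify. The log line format, the thresholds, the sample log, and the leaked-email list (held only as SHA-256 digests so the raw dump never has to be loaded into the login service) are all constructed assumptions. It distinguishes credential stuffing (one source trying many different accounts, mostly failing) from a legitimate user mistyping a password (one account, a few attempts), flags successful logins from a stuffing source as likely account takeovers, and lists which accounts in the user base match the leaked set and should be forced through a reset and MFA enrolment.

```python
"""Credential-stuffing detection and forced-reset selection over auth logs.

Added example for this post; not code from Brinztech or Cabify.
The log format, thresholds and the leaked-email list are constructed assumptions.
"""
import hashlib
import re
from collections import defaultdict
from dataclasses import dataclass, field

# Assumed (constructed) log line format:
#   <ISO timestamp> ip=<address> user=<email> result=<ok|fail>
LINE_RE = re.compile(
    r"^(?P<ts>\S+) ip=(?P<ip>\S+) user=(?P<user>\S+) result=(?P<result>ok|fail)$"
)

# Constructed stand-in for a breach-derived identifier list. Only digests of
# normalised (lower-cased, stripped) emails are kept, so the auth service
# can answer "is this account in the leak?" without holding the dump itself.
LEAKED_EMAIL_HASHES = {
    hashlib.sha256(e.encode()).hexdigest()
    for e in ("driver1@example.com", "driver2@example.com", "driver3@example.com")
}

# Constructed sample log: one source spraying six accounts (credential stuffing),
# one ordinary rider login, one driver mistyping a password twice, one junk line.
SAMPLE_LOG = """\
2025-11-18T09:00:01Z ip=203.0.113.7 user=driver1@example.com result=fail
2025-11-18T09:00:02Z ip=203.0.113.7 user=driver4@example.com result=fail
2025-11-18T09:00:03Z ip=203.0.113.7 user=driver5@example.com result=fail
2025-11-18T09:00:04Z ip=203.0.113.7 user=driver2@example.com result=ok
2025-11-18T09:00:05Z ip=203.0.113.7 user=driver6@example.com result=fail
2025-11-18T09:00:06Z ip=203.0.113.7 user=driver7@example.com result=fail
2025-11-18T09:05:00Z ip=198.51.100.5 user=rider@example.com result=ok
2025-11-18T09:06:00Z ip=198.51.100.9 user=driver3@example.com result=fail
2025-11-18T09:06:10Z ip=198.51.100.9 user=driver3@example.com result=fail
2025-11-18T09:06:20Z ip=198.51.100.9 user=driver3@example.com result=ok
this line is malformed and is skipped
"""


@dataclass
class SourceStats:
    """Per-source-IP counters used to recognise a stuffing pattern."""
    attempts: int = 0
    failures: int = 0
    users: set = field(default_factory=set)


def parse_line(line):
    """Return the parsed fields of one log line, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None


def email_is_leaked(email):
    """True if the normalised email's digest is in the leaked set."""
    return hashlib.sha256(email.strip().lower().encode()).hexdigest() in LEAKED_EMAIL_HASHES


def analyze(lines, min_attempts=5, min_distinct_users=4, min_fail_ratio=0.8):
    """Return (suspicious_ips, likely_ato_accounts).

    A source is flagged when it made at least `min_attempts` logins against at
    least `min_distinct_users` different accounts with a failure ratio of
    `min_fail_ratio` or more. Brute force (one account, many passwords) and a
    user mistyping (one account, few attempts) fail the distinct-user test.
    Any successful login from a flagged source is a likely account takeover.
    """
    events = [ev for ev in map(parse_line, lines) if ev is not None]
    per_ip = defaultdict(SourceStats)
    for ev in events:
        st = per_ip[ev["ip"]]
        st.attempts += 1
        st.users.add(ev["user"])
        if ev["result"] == "fail":
            st.failures += 1

    suspicious = {}
    for ip, st in per_ip.items():
        ratio = st.failures / st.attempts
        if (st.attempts >= min_attempts
                and len(st.users) >= min_distinct_users
                and ratio >= min_fail_ratio):
            suspicious[ip] = {"attempts": st.attempts,
                              "distinct_users": len(st.users),
                              "fail_ratio": round(ratio, 2)}

    likely_ato = {ev["user"] for ev in events
                  if ev["ip"] in suspicious and ev["result"] == "ok"}
    return suspicious, likely_ato


def accounts_needing_reset(emails):
    """Accounts from the user base that appear in the leak: force reset + MFA."""
    return sorted(e for e in emails if email_is_leaked(e))


if __name__ == "__main__":
    ips, ato = analyze(SAMPLE_LOG.splitlines())
    print("suspicious sources:", ips)
    print("likely account takeovers:", ato)
    print("force reset:", accounts_needing_reset(
        ["driver3@example.com", "rider@example.com", "Driver1@Example.com"]))
```

On the sample log the spraying source is flagged (six distinct accounts, five of six attempts failed), the account it successfully entered is reported as a likely takeover, and the reset list contains the two user-base emails whose normalised digests match the leak, including one supplied in mixed case. In production the thresholds would be tuned per endpoint and the flagged source fed to the login rate limiter or WAF, while the reset list drives the mandatory password reset and MFA enrolment described above.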
Secure Your Business with Brinztech — Global Cybersecurity Solutions
Brinztech protects organizations worldwide from evolving cyber threats. Whether you’re a startup or a global enterprise, our expert solutions keep your digital assets safe and your operations running smoothly.
Questions or Feedback? For expert advice, use our ‘Ask an Analyst’ feature. Brinztech does not warrant the validity of external claims. For general inquiries or to report this post, please email us: contact@brinztech.com