The global grocery delivery platform Getir has reportedly been targeted by attackers who claim to have breached the company's internal network and leaked data. However, cybersecurity researchers from Cybernews express skepticism, suggesting the attackers may not have gained deep access to Getir's core systems.
Details of the Alleged Breach
The claim was posted on a popular data leak forum used by cybercriminals. The attackers stated they "hacked" Getir's intranet system. Getir, a Turkish company valued at approximately $2 billion, also operates in select areas within the US.
Upon investigating the provided data samples, the research team concluded the information is likely a metadata dump of internal Getir applications, rather than deeply sensitive user data. The leaked items include Bitbucket repository URLs, user permissions, project names, workspace IDs, and employee email addresses. Researchers speculate the attackers may have obtained this data through a third-party service provider rather than by directly compromising Getir's main systems.
Potential Risks for Getir
Despite the skepticism regarding the source of the breach, the exposed data still poses risks. Malicious actors could use the employee email addresses for targeted social engineering attacks, potentially leading to deeper, unauthorized access to the company's network.
Furthermore, the exposed repository URLs and workspace IDs make it easier for attackers to search for unprotected endpoints or accidental misconfigurations within Getir’s projects. This information could be used to craft more sophisticated future attacks, ultimately aiming for source code access or other proprietary data. This incident follows similar data theft issues faced by other delivery platforms, including GonnaOrder and GrubHub, in recent years.
Found this article interesting? Follow us on X(Twitter) ,Threads and FaceBook to read more exclusive content we post.
