A threat actor using the alias, privilege, has exposed an alleged database of HeyFood.Africa, a popular food delivery and marketplace platform widely used in Nigeria. The dataset allegedly contains over 139,000 user records, including data from consumers, vendors, and drivers.
The dataset is reported to include:
- Full Names
- Phone Numbers & Emails
- Dates of Birth
- Hashed Passwords (bcrypt)
- Account creation timestamps
- Vendor, consumer, and driver roles
- Referral details (codes, links, and reward stars)
- Admin and account status information
This alleged leak presents a significant privacy and security risk, as it combines personally identifiable information (PII) with encrypted credentials and personal data.
If verified, the breach could expose users to:
- Account Takeover Attempts: Despite bcrypt encryption, weak or reused passwords remain at risk.
- Targeted Phishing: Attackers could exploit personal details to craft convincing social engineering campaigns.
- Vendor/Driver Fraud: Exposure of business-related data could impact operational trust and financial stability for platform partners.
Disclaimer: This report is based on alleged threat actor claims. CyHawk Africa does not verify or confirm the authenticity of such claims and bears no intent to defame. Content is for awareness and defensive purposes only.