Hackers who stole Turkish online food delivery giant's user data threaten to sell it if ransom not paid

Hackers who stole Turkish online food delivery giant Yemeksepeti's user data have threatened the company with selling it if the ransom they requested is not paid. The hackers claim that they have the data of 20 million users.

Duvar English 

Hackers who stole Turkish online food delivery giant Yemeksepeti's user data have threatened the company with selling it if the ransom they requested is not paid, Deutsche Welle's Turkish service reported on Nov. 21. 

The hackers, who said they're based in Russia, demand nearly three million liras from Yemeksepeti to stop them from selling the data of some 20 million users to the highest bidder. 

Yemeksepeti previously announced that hackers demanded ransom from the company, but that no data breaches took place. The hackers, however, shared the personal information of some journalists and Twitter users with a high number of followers to refute the company's statement. 

Responding to Deutsche Welle's questions, the hackers denied that they're Chinese or Turkish, noting that they have members from various countries. 

The hackers said that they initially sent an email to Nevzat Aydın, the former CEO who stepped down on Nov. 1, to list their demands because they thought Aydın would pay the ransom in the face of such a breach. 

"Aydın was the CEO when we sent the email. He resigned afterwards. We conveyed our demands to the new CEO, Mert Baki, but he didn't take us seriously," they said, noting that Delivery Hero, which owns Yemeksepeti, might have pressured the company to not make the payment. 

According to the hackers, they stole the data nearly a month ago and that the company was given until Nov. 22 to make the payment. 

This is not the first time that Yemeksepeti made news because of cyber-attacks and data breaches. A similar incident took place on March 25 and the company admitted that their data was stolen at the time. 

The company, which said that necessary security measures were adopted, currently faces fines from the Personal Data Protection Authority (KVKK) and the Information and Communication Technologies Authority (BTK) for failing to secure its data.