Last week there were rumors going around online and on whatsapp about Talabat’s customer database being hacked. The hacker supposedly was able to get access to Talabat’s customers addresses and published a file online containing a sample of addresses with a promise that more would be released soon. So I contacted Talabat right away to find out if this security breach was true before posting about it and I received the following response from them:
Dear Mark,
We have our internal security monitoring tools that notify us automatically in case of any hack attempts and have not received any threats about data leak. All our customer information is secured and not leaked to anyone. However, we take notice of such things very seriously and assure you that we are going to investigate this issue thoroughly and will get back to you upon completing our investigation.
Earlier today Talabat called me up to let me know that after thorough investigation they’ve concluded it to be not true and that their customers information were not leaked. I was also invited to pass by their offices and get a behind the scenes look on how they operate which I will be doing sometime this week.
From the looks of it this incident could be a competitor trying to smear them or even possibly a disgruntled ex-employee. In any case if anything new develops I’ll update this post.
16 replies on “Talabat was NOT hacked”
My lazy ass would probably starve, if not for Talabat! 🙂
+1
So they have at least 10,000 customers? Thats good!
How come they don’t have on their website that Symantec or any other security check thingie ?
My house address is listed in that database. I swear to god, no joke.
Where is the database? It’s the only way to tell if the hack was real or not instead of accepting company PR at face value.
I found it here https://multiupload.biz/2lzbptsarw8e/talabat.com_MultiUpload.biz.txt.html
lucky_boy can you email me
I have a some experience regarding the security stuff and when they say
“We have our internal security monitoring tools that notify us automatically in case of any hack attempts and have not received any threats about data leak. ”
is somehow silly from the technical perspective. Any one who knows basics of IT knows that hacking can be either internal or external. And in most cases, it will never notify anyone. It can simply be a stolen login details, or a security hole in the website application that will notify no one.
***COMMENT REMOVED BY REQUEST OF COMMENTER***
Well according to talabat they weren’t hacked. If it turns out they’re lying though they’ll end up getting exposed but right now I don’t have any other information other than what I posted.
actually can you email me your phone number? if I can confirm your name is actually in that database and it’s the same contact information as in your 6alabat account that might be a good starting point to finding out the truth.
***COMMENT REMOVED BY REQUEST OF COMMENTER***
i just emailed u
***COMMENT REMOVED BY REQUEST OF COMMENTER***
well reply to my email
My Spin on the Story
The link was posted on 4:01 am on 26th November. Talabat.come website is safe against POODLE and HeartBleed SSL.
Now SSL Certificate is Issued by Thawte but it’s due to expire in 13 days on 25th December.
This don’t seem to be a competitor or a disgruntled ex-employee, It may be a competitor trying to sell them
SSL certificate or it could be there own provider trying to prove that they security is essentials.
If I was there head of web security, I would probably see which companies had made the offer to renew my SSL Certificates
in the past few days and few other tricks.