2024 - Yemeksepeti is punished for stealing the data of 21 million people from KVKK!

PandemicIt changes our daily habits. Many of the things we once did physically are nowadays using mobile applications. Mainly used for food and grocery shopping Food basket and Bring The number of such applications is increasing day by day. However, this also brings some problems.

One of the first examples of such applications, Food basketDue to its popularity, it is often the target of cybercriminals. Finally, the platform, which appeared to have stolen user data in the past months, KVKK punished by Here are the details…

Yemeksepeti announced fast trade trends of 2021

Yemeksepeti sheds light on instant needs and shopping habits in line with the data obtained by evaluating the preferences of its users in 81 provinces.

Yemeksepeti fined 1 million 900 thousand TL

A group of hackers that emerged last October, Food basket put the information of its users up for sale. Thus, millions of users It was revealed that personal data such as open address, name-surname, phone number were stolen.

If immediately after Personal Data Protection Authority (KVKK), launched an investigation against the company. Finally, the institution, which completed the process, determined that the servers were infiltrated and fined Yemeksepeti 1 million 900 thousand TL. The total number of users whose personal information was accessed is 21 million 504 thousand 83 people. Here are all the findings of KVKK on the subject…

The server is accessed by installing an application and running a command due to a vulnerability on a web application server belonging to the data controller,
21.504.083 Yemeksepeti users were affected by the breach,
Affected personal data is username, address, phone number, e-mail address, password and IP information,
Considering the large number of people affected by the breach and the fact that almost the entire customer database was leaked, the breach was very large,
Considering the extent of the breach, the size of the leaked data and the nature of the leaked personal data, the breach will pose significant risks for the persons concerned, such as loss of control over personal data,
The person or persons entering the system, after logging into the system with malicious software and tools, information is collected by accessing other systems, the installation and operation of harmful software on the system cannot be noticed by the data controller for 8 days, so it is necessary to control which software and services are running in information networks and to infiltrate or prevent information networks. There is a fault of the data controller at the point of determining whether there is a movement that should not be,
It was stated that alarms occurred in security software since 18.03.2021, that these alarms were turned off without making the relevant notifications to the Yemek Sepeti Security Teams and taking the necessary actions for the products monitored by third party companies. When taken into consideration, this situation indicates that there is no effective control mechanism on the third party companies that the data controller receives service from and that there are deficiencies in the follow-up of security software and the use of security procedures,
Considering that the attackers transmit the data obtained from the data controller to an IP address/server location in France, the 28.2 GB data coming out of the system/outgoing traffic cannot be noticed by the data controller and this data traffic has traces on the firewall; Even though there are traces on the firewall, the fact that data leaks of this size are not noticed is an indication that security controls and data security monitoring are not carried out properly by the data controller,
Considering that it is stated that the server with the vulnerability is a server that has passed the penetration test, this situation shows that the penetration tests are not / were not carried out effectively by the data controller,
It is an indication that the data controller who processes a large amount of personal data experiences a breach of this magnitude and is late in responding, and does not determine the current risks and threats well.

So what do you think about this subject? Will the penalty imposed by the KVKK be sufficient for the company to take further measures? Give your feedback in the comments section or SDN ForumYou can share it with us.

source site-28

The culprit household item that disrupted the WiFi signal at home was discovered! You’ll never guess

Popular Meme Coin Attracted Attention with Its Performance: Here Are Those Levels to Watch!

Could These Five Altcoins Make New Millionaires by 2025?

Apple rolled up its sleeves! Foldable iPhone and iPad patent received

I found the app that finished my quota! – ShiftDelete.Net

Bitcoin Will Rise to $125,000, According to Peter Brandt – Here’s Why

Are You Waiting for Dogecoin (DOGE) Comeback? Discover 5 Cryptocurrencies That Could Stand Out

Rally Started in Meme Coin Market: Here are the 4 Tokens That Attracted the Most Attention!

The 10 Altcoin Networks with the Most Users in April Have Been Announced! Ethereum ranks 6th!

Master Analyst Named 2 Altcoins: Good Long-Term Choice!

Data Breach Allegation in This Giant Cryptocurrency Exchange: The Answer Has Come!

SWM G03F in Turkey: Here is its Price and Features

Nokia 3210 (2024) Announced: Price and Features

Why is there a Bosphorus named after Atatürk in Australia?

Artificial Intelligence Supported Video Idea Generation Feature for YouTube

The Story of Suzuki Founded by a Poor Farmer

Nintendo Removes More than 8000 Emulator Projects

Should We Continue to Use Technological Devices That Get Hot?

WhatsApp Statuses interface is changing! – ShiftDelete.Net

Bitcoin Made the Expected Movement: Whales Are Changing the Market Dynamics!

Yemeksepeti is punished for stealing the data of 21 million people from KVKK!

Yemeksepeti announced fast trade trends of 2021

Yemeksepeti fined 1 million 900 thousand TL

Adresse / England