Foodpapa.pk, a Pakistani food delivery platform, was allegedly compromised when a January 2026 backup was uploaded to a dark web forum, exposing a total of 239,109 accounts. The leaked dataset reportedly includes full names, phone numbers, email addresses, bcrypt password hashes, JWT and Firebase tokens, CNIC numbers, vehicle registrations, home addresses, and API/refresh credentials. #Foodpapa #bcrypt #JWT #Firebase #CNIC
Keypoints
- 239,109 accounts were allegedly exposed, including customers, delivery personnel, and administrators.
- The breach reportedly stems from a January 2026 backup uploaded to a dark web forum.
- Exposed authentication data includes bcrypt password hashes, JWT and Firebase tokens, refresh tokens, and API credentials.
- Personal identifiers leaked include full names, phone numbers, email addresses, CNIC numbers, home addresses, and father names.
- Vehicle information such as license plates and registrations was also included, raising risks of identity and location misuse.
Read More: https://dailydarkweb.net/foodpapa-pk-data-breach-exposes-239k-user-and-driver-records/