Data of 100K Hey You users allegedly for sale on the dark web

One threat actor is advertising a database allegedly belonging to an Australian food ordering app, Hey You.

The dataset for sale allegedly contains data from over 100,000 Hey You customers. The data includes names, usernames, phone numbers, emails, passwords, and addresses, media outlet reports.

Hey You is an order-ahead app where you can order and pay for your food and drinks in advance, allowing you to avoid queues when arriving at the restaurant for a pick up.

After reviewing the data sample shared by the threat actor, the outlet concluded that many emails appeared in the previous breaches. While that suggests the dataset might be just a compilation of old data, discovered several unique email addresses. The leaked emails are both personal and corporate email addresses.

The leaked passwords appear to be hashed but some have been previously cracked.

We’ve reached out to Hey You via their contact form and are awaiting their reply.

Last year, Gizmodo Australia reported a security incident concerning Hey You users. Apparently, users could be randomly logged into the wrong accounts. Hey You described it as a “technical incident” that affected over 1,000 users.