Yandex Food 2022 Data Breach
ObscureIQ Breach Intelligence
Low SeverityWebsite / service breach
Yandex Food Russian Food Delivery Service Breach (2022): 49 Million Customer Phone Numbers & Names Exposed
Food delivery service by Yandex.
Verified by ObscureIQ Intelligence
0/100Breach Risk Index
5Data Value
Breach Intelligence Summary
Entity: Yandex Food · Actor: Unknown · Sources: 2 references
Attack: Misconfiguration
Profile: Platform · Food delivery services · Marketplace + logistics platform · Russia
Timeline: Breach (2022-01-01) · Year (2022)
Exposure: 49.4M records · 2 fields: Full Name, Phone Number
Status: Reported
Executive Summary
Yandex Food, a Russian food delivery service operated by internet giant Yandex, suffered a data breach in February 2022 when an insider, reportedly a disgruntled employee, exfiltrated and published a large dataset online. The leak exposed approximately 49.4 million delivery orders. Yandex confirmed the incident. The exposed data included customers' full names, phone numbers, physical delivery addresses, and delivery instructions. This combination is particularly sensitive because it reveals where people live, their routines, and when they are likely to be home. For ordinary customers, this creates a real risk of delivery scams, phishing calls, and physical targeting based on inferred habits and residence. No formal regulatory enforcement action has been documented in publicly available sources. The dataset circulated online and was used by investigative journalists and open-source researchers to map the movements of Russian officials and sanctioned individuals, raising its public profile considerably. For affected individuals, the primary ongoing risks are unsolicited contact, fraud attempts, and the exposure of home address information to anyone who accessed the published data.
ObscureIQ assessment: High risk of fraud, delivery scams, and household targeting. Address and routine-order data can help attackers infer residence, habits, and likely availability.
Breach Impact
In February 2022 Yandex Food experienced a data breach in which an insider — reportedly a disgruntled employee — exfiltrated and published a dataset containing approximately 49.4 million delivery orders. The exposed data included customers' full names, phone numbers, physical delivery addresses, and delivery instructions. The breach drew particular attention in Russia because the delivery records allowed the mapping of personal movements and home addresses at a time of significant political tension following the Ukraine invasion. The dataset was published online and became a resource for Russian investigative journalists and open-source researchers examining the delivery patterns of sanctioned individuals and government officials. Yandex confirmed the incident. No formal enforcement action has been documented in publicly available sources.
About Yandex Food
Yandex Food was a food delivery service operated by Yandex, Russia's largest technology and internet company. The platform connected restaurant partners with consumers in major Russian cities, functioning as the Russian equivalent of services like DoorDash or Deliveroo. Following Russia's invasion of Ukraine in 2022 and subsequent international sanctions, Yandex began restructuring its business globally, and Yandex Food has since been rebranded as Yandex Eats as part of broader organizational changes.
Why They Hold Your Data
Food-delivery platforms collect user accounts, phone numbers, addresses, order history, payment-adjacent records, and location-linked delivery data tied to commerce and logistics services.
Recent Developments
Yandex has undergone significant corporate restructuring following sanctions imposed after Russia's 2022 invasion of Ukraine. The company divested several international operations and reorganized its Russian assets. The food delivery service has continued operating in Russia under modified branding. Western partnerships and expansion plans were curtailed by the sanctions environment.
Data Points Exposed
2 verified field types
Full Name High
Phone Number
Field names are shown in full for clarity and search visibility. Canonical machine keys are emitted only in this page’s structured data.
Exploitation & Downstream Threats
Threat Activity:High
Primary downstream threats:
- SIM swap attacks where phone numbers are present
Threat vectors:
- Name-based social engineering
- SIM swapping, vishing & SMS phishing
Recommended Actions
If you believe your information may be included:
Enable MFA Everywhere
Turn on multi-factor authentication on email first, then financial accounts.
Report & Recover
If you spot misuse, start an official recovery plan and report fraud.
Frequently Asked Questions
What happened in the Yandex Food breach?▾
Yandex Food, a Russian food delivery service operated by internet giant Yandex, suffered a data breach in February 2022 when an insider, reportedly a disgruntled employee, exfiltrated and published a large dataset online. The leak exposed approximately 49.4 million delivery orders. Yandex confirmed…
What data was exposed?▾
Verified fields include Full Name, Phone Number.
What should I do if I was affected?▾
Change reused passwords, enable MFA, and (if identity or financial data is involved) freeze your credit and monitor your accounts.
Sources & References
Every claim on this page is traceable. This breach draws on:
Breach Index
ObscureIQ Intelligence
ObscureIQ proprietary analysis
Protect Yourself
Check If You're Affected
Enter your email to check whether your data appears in this breach. We’ll send a 6-digit code to confirm it’s your address.
Get Free Breach Alerts
Be the first to know when new breaches are disclosed. Free forever — confirm your email with a 6-digit code.
High-Risk? Get an Exposure Audit
Executives, public figures, and high-visibility operators can receive tailored exposure intelligence and hardening guidance.
Request Consultation