Victim of the latest cyber attack; It became Yemeksepeti, an online food ordering platform that was established in 2001 and serves more than 19 million users with over 35 thousand member restaurants in 70 provinces.

First of all, we would like to congratulate the Yemeksepeti team. 100% cybersecurity is not possible and never will be. However, what needs to be done is to keep the strategy and investments in the leg of people, workflows and technologies constantly updated by taking into account the changing threats.

Yemeksepeti transparently shared the cyber attack with the public, informed all affected members, and made an official notification to all relevant institutions, including the KVK Board, within a timely manner. In this respect, there is a positive process management. We are closely following the process from now on. On the other hand, there is serious personal data seized by cybercriminals. These personal data pose a greater risk for other platforms you use, such as online banking, online stock markets, and e-mail accounts, rather than unauthorized access to your Yemeksepeti accounts.

As CyberArts, we recommend individuals to do quickly:

• Passwords encrypted with SHA 256 are both theoretically and practically difficult to crack.
• But because your personal data is captured; If you have a password that contains your personal data in the list above, it means that it is easy to guess. In this case, you should definitely change your password.
• If you use the same password, especially on other platforms, you should enter these accounts and change your passwords one by one.
• You must have understood once again that you need to create a different password for each account from now on.
• You create passwords that are hard to guess.
• Although there is no evidence that card information has been compromised, you should use virtual credit cards for online shopping.
• This is not possible when logging into your Yemeksepeti account, but if you haven't turned on the 2-factor authentication feature when logging into your other critical accounts, you should do so.

For more detailed information, you can review the following contents:

https://www.youtube.com/watch?v=QVVqkEdD1f8

https://www.youtube.com/watch?v=qQDkxU5MyuM&t=7s

https://cyberartspro.com/kaba-kuvvet-saldirisi-ile-sifre-kirma/

https://cyberartspro.com/trojan-ve-keylogger-ile-sifre-calma/

https://cyberartspro.com/saldirganlar-parolalarinizi-nasil-tahmin-edebiliyor/

https://cyberartspro.com/guvenli_sifre_olusturmak_ve_saklamak/

Announcement of Yemeksepeti:

https://twitter.com/yemeksepeti/status/1375764826241314818?s=20

Kamuoyuna duyurumuzdur. / 2 pic.twitter.com/mk0AhwO8If

— Yemeksepeti (@yemeksepeti) March 27, 2021

Summary of the announcement:

“As we detected on the morning of 25.03.2021, the Yemeksepeti user database was attacked by an unidentified cyber hacker or hackers, and a security breach occurred. Some of the account information of Yemeksepeti users was seized by hackers.” it said.

Information obtained by cyber attackers;

• Name-surname
• Date of birth
• Phone Numbers Registered to Yemeksepeti
• Email Addresses Registered with Yemeksepeti
• Address Information Registered in Yemeksepeti
• Masked login passwords with the SHA-256 algorithm that is not visible

It was explained that there was no data breach including credit card information, financial information, and connected accounts, because this information was never stored by Yemeksepeti systems.

Yemeksepeti announced that it has informed the KVKK (Personal Data Protection Board), USOM (National Cyber ​​Incidents Intervention Center) and Istanbul Chief Public Prosecutor's Office.

 

---