Hackers claim to have stolen over 430,000 driver records from Cabify, publishing the database on a leak forum. The exposed information includes highly sensitive personal data that could lead to social engineering and identity theft.
Cybercriminals posted a message on a major data leak forum, announcing that they had obtained a database containing more than 430,000 records connected to Cabify drivers. Cabify, headquartered in Madrid, operates widely across Spain and Latin America, generating nearly $900 million in revenue last year.
Cybernews researchers analyzed a data sample attached to the hacker post and confirmed that the database appears legitimate. The exposed information includes:
full names;
home addresses;
email addresses;
phone numbers;
Facebook Account Kit IDs, enabling attackers to identify accounts linked to specific individuals.
According to researchers, these details create strong opportunities for targeted social engineering attacks. Threat actors could impersonate Cabify or other ride-hailing services, send phishing messages, or trick drivers into installing malware.
The stolen data may also be sold on black-market platforms, where identity bundles are used for bypassing verification checks, creating fake accounts, or hijacking legitimate profiles.
Cabify has not yet commented on the alleged breach.
Personal data leaks involving ride-hailing companies have become increasingly common as attackers target industries with large amounts of identity-rich information. Facebook Account Kit, whose identifiers appear in the leak, was a login system that linked users’ phone numbers and email addresses to online profiles—making it particularly valuable for cybercriminals.
Given the scale of Cabify’s operations across Latin America, the potential impact of the leak is significant, with thousands of drivers exposed to scams and account takeover attempts.
The alleged Cabify breach poses major security risks for over 430,000 drivers who may now face phishing, identity theft, and targeted fraud. Until Cabify issues confirmation or denial, affected individuals should stay vigilant, avoid suspicious messages, enable multi-factor authentication, and monitor their accounts for unusual activity.
