The Turkish fast-food delivery platform Getir, valued at over $2 billion, has found itself at the center of a scandal after hackers claimed to have hacked its intranet and published the stolen data on a forum. Cybernews researchers conducted their own investigation and concluded that it was likely not a full-fledged system hack, but rather a metadata leak via a third-party service provider. The post about the alleged compromise of Getir appeared on a popular leak forum, which is often used by ransomware groups to share stolen information. The attackers claimed to have “hacked the company’s intranet.”
The Cybernews team analyzed the provided data samples and found that they contained:
URLs of Bitbucket repositories,
workspace IDs,
employee email addresses,
user access rights and project names.
According to the researchers, this data indicates unprotected metadata of internal applications, and not direct access to customer databases. Presumably, the information was obtained through the compromise of a third party that had technical integration with Getir systems.
Nevertheless, even such a leak poses risks – attackers can use the metadata for social engineering, attacks on company employees or finding vulnerable endpoints in its projects. This potentially opens the way for further cyberattacks, including access to source code or internal infrastructure.
Getir is one of the most famous express delivery services operating in Turkey, the USA and Europe. This is not the first time the company has faced information risks: in 2024–2025, similar leaks were experienced by the GonnaOrder (EU) and GrubHub (USA) platforms, which lost tens of millions of records.
Cybernews analysts emphasize that the increase in the number of hacks in the field of e-commerce and delivery is associated with a high concentration of personal data and an insufficient level of security in integrated IT chains. Even minor configuration errors can open access to confidential information.
The Getir incident is yet another confirmation that even partial leaks of technical metadata can become the basis for large-scale attacks. Companies should conduct regular security audits, limit public access to repositories, implement zero-trust architecture, and train staff in cyber hygiene rules. One untimely corrected configuration failure can turn into a reputational crisis and millions of losses.
