foodpapa.com data breach

foodpapa.com

What Happened

In early 2026, Pakistani food delivery app FoodPapa (foodpapa.com) suffered a major data breach when a threat actor named penguinbrew allegedly discovered and leaked its entire database backup—dated February 1, 2026—on a cybercrime forum after it was left exposed online without access controls. The 1.5 GiB SQL dump and additional 27 MB of cleaned tables exposed sensitive data for users (including names, phones, emails, passwords, wallet balances, loyalty points, auth tokens, and images) and delivery riders (including names, IDs, addresses, identity documents, vehicle details, earnings, and signatures), affecting an undisclosed number of records but described as substantial in scale. FoodPapa has not confirmed or responded publicly, prompting advice for users to change passwords and monitor accounts amid risks like phishing, SIM swaps, and physical threats to riders.

Compromised Assets

  • email
  • password
  • full name
  • phone

Check your company's
exposed credentials

Enter your work email to instantly access a free account
and see your company’s exposed credentials.

Related Breaches