Turkish grocery delivery giant Getir is investigating claims of a data breach after hackers alleged they accessed the company’s intranet and leaked internal data. A post announcing the supposed intrusion appeared on a well-known data leak forum commonly used by ransomware and extortion groups to trade stolen information.
“Hackers claim they have breached Getir’s internal systems and accessed sensitive company data, though early analysis suggests the evidence may not support this claim,” researchers noted.
According to the threat actors, the breach allowed them to access internal applications and files. However, cybersecurity researchers remain skeptical about the legitimacy of these claims, pointing to inconsistencies in the leaked data.
Analysis Suggests the Data Likely Originated from a Third-Party Source
Cybersecurity researchers who analyzed the data samples found that the leaked material consisted primarily of metadata from Getir’s internal applications. The information included Bitbucket repository URLs, user permissions, project names, workspace IDs, and employee email addresses.
Investigators believe that the data was not obtained directly from Getir’s systems but rather from a third-party service provider linked to its operations. The findings suggest that attackers may have had access to metadata but not to sensitive internal databases or production environments.
Still, experts warned that even limited exposure of repository URLs and workspace IDs could assist threat actors in identifying misconfigurations or vulnerable endpoints within the company’s infrastructure.
Potential Security Risks and the Threat of Social Engineering
Although the compromised data may not contain direct customer information, researchers caution that attackers could exploit it to launch social engineering campaigns against Getir employees. Such efforts could involve impersonating internal communications or leveraging exposed metadata to gain deeper access.
“The exposed repository URLs and workspace IDs make it easier for attackers to look for unprotected endpoints or other accidental misconfigurations within a project,” researchers explained.
A successful social engineering attack could result in broader compromise, potentially allowing hackers to infiltrate the company’s source code repositories or internal management systems.
The alleged Getir breach adds to a growing list of cyber incidents targeting the online delivery sector. Earlier this year, European-based food delivery platform GonnaOrder inadvertently exposed live order data due to a misconfiguration. In April 2025, another attacker group claimed to have stolen 70 million lines of data from U.S.-based GrubHub.
These incidents underscore the growing cybersecurity risks faced by digital delivery platforms as they expand globally and rely heavily on cloud and third-party infrastructure.
Getir, valued at around $2 billion, operates primarily in Turkey but also offers services in select regions of the United States. The company has yet to publicly confirm or deny the breach claims but has been contacted for comment.
