- A hacker claims they stole a large TAPSI dataset that contains approximately 194 million entries of passenger and driver information.
- The number of records in this dataset closely matches the figures from a breach that occurred back in 2023, so it is possible that this is not newly stolen data but an old dataset that was ‘repackaged’.
- If accurate, there is a big possibility that passenger and driver history, along with GPS data, will be exposed, giving hackers information about millions of people’s identities, their daily routines, and even their precise home addresses.
One person on the dark web is selling an enormous amount of stolen data that they claim belongs to an Iranian ride-hailing app called TAPSI.
This database allegedly holds 194 million records. The actor is offering everything for sale at $40,000 in Bitcoin. The amount of data is somewhat similar to a previous data breach, which leads to suspicion that it’s either fake or not from a new breach at all.
What the Seller Says They Stole
The threat actor claims the dataset holds information on roughly 27 million passengers. That includes first names, last names, phone numbers, and city details. For drivers, the seller says they have about 6 million records. Those include names, phone numbers, city information, and national identification numbers.
The largest chunk of the alleged haul covers ride histories. The seller claims to have details on around 136 million trips. Each record reportedly includes passenger identifiers, pickup and drop-off addresses, shortened address data, and GPS coordinates.
On top of that, the listing mentions roughly 25 million device records. Those contain operating system information and device models.
The seller also claims to have stolen source code for TAPSI’s mobile apps, websites, and other internal tools. They reportedly shared a sample archive with potential buyers to prove they have the goods.
No one has publicly verified the sample yet. TAPSI has not commented on these new claims either.
Old Numbers or a New Hack?
Here is why people are paying attention. The numbers in this listing match almost exactly with a confirmed TAPSI breach from 2023.
Back then, attackers said they stole data on about 27 million passengers and 6 million drivers. TAPSI eventually confirmed that they experienced a breach after the hackers attempted to extort them.
The company’s execs said they declined to pay any ransom to the attacker. The stolen information then appeared for sale online.
So is this a brand-new attack? Or just someone reselling old data? Security researchers see older datasets pop up again all the time. Sometimes sellers repackage existing information and market it as fresh. Other times, they combine old records with new ones from the same original hack.
There’s been no independent verification of the full dataset, so no one can say for sure. It could be a new breach. It could be an expanded version of the 2023 incident. Or it could just be a resale of data that has already circulated among cybercriminals for years.
Why the Ride Data Matters Most
Names and phone numbers are bad enough. But the real danger here might be the location data.
Ride-hailing apps hoard a ridiculous amount of location info: every pick-up and every drop-off, basically building a detailed map of people’s everyday routines. That map shows where they work, where they live, and their favorite coffee shop or doctor’s office, which makes this breach really concerning.
For drivers, the risks could be even higher. If the breach includes national identification numbers alongside personal details and location history, that combination is a goldmine for identity thieves.
Similarly, unverified claims of French healthcare data leaks involve sensitive medical information that could be weaponized for fraud and extortion.
Scammers could use that information for targeted phishing attacks. They could try to take out loans in someone’s name. They could even show up at a driver’s home pretending to be from the company.
Source Code Claims Add More Questions
The reference to stolen source code has raised doubts. Customer data is often the main target, but with the attacker now having access to application code, the risk intensifies.
Source code would allow an attacker to learn how the whole of TAPSI’s system works. They would identify potential security vulnerabilities in the app and may also obtain passwords or secret keys that were stored in the development files.
But then, there’s no way to know if the hacker’s claim is legit since there’s no public evidence yet that the source code has been compromised in any way. TAPSI hasn’t said anything about any new breach.
Currently, there is only one forum posting, and no solid documentation verifies its authenticity. We can only conclude that the hacker is either repackaging old leaks to make cool cash or is just bluffing to gain attention. Until we have solid proof, this remains just a rumor floating around.
Every TAPSI user should be cautious, change their password to something unique and stronger, and keep an eye out for phishing emails and text messages.