Qraved

In July 2021 the Indonesian restaurant discovery and food delivery platform Qraved suffered a significant security breach. An unauthorized party gained access to the database containing approximately 1 million user accounts. The exposed data included sensitive personal information such as full names and email addresses. Additionally the leak contained phone numbers and passwords stored as MD5 hashes which are considered cryptographically weak and easily crackable by modern standards. This incident posed a high risk of identity theft and credential stuffing attacks for the affected users in the region.