Cabify investigates after claims of massive driver data breach

A threat actor claimed to have stolen more than 430,000 driver records from Cabify, a major Spain-based ride-hailing company, and advertised the data on an underground leak forum frequented by cybercriminals. The post included a sample dataset that appeared to contain extensive personal information belonging to Cabify drivers, raising concerns about potential social engineering and identity-theft risks.

Cabify, headquartered in Madrid, operated in Spain and across Latin America, including Colombia, Argentina, Peru, and Uruguay. The company reported revenues nearing $900 million last year.

The leaked sample reviewed by independent researchers indicated the presence of full names, home addresses, email addresses, phone numbers, and Facebook Account Kit IDs. The dataset appeared to originate from driver records maintained by the platform.

Researchers said the combination of identifiable details and indications of drivers’ online profiles created a clear opportunity for targeted scams. The exposure of Facebook Account Kit IDs enabled attackers to link individuals to their social media presence, increasing the likelihood of convincing impersonation attempts.

Threat actors could use the information to pose as Cabify or other transportation services, sending fraudulent messages designed to lure drivers into clicking malicious links or downloading malware. The data also held potential value on dark-web marketplaces, where identity bundles were often traded to bypass verification checks or hijack existing accounts for unauthorized ride-hailing activity.