A forum user is claiming to possess and sell data allegedly stolen from Wiyak, a Kuwait-based transportation platform that offers ride-hailing, taxi, limousine, delivery, vehicle recovery, and business logistics services. The seller claims the dataset includes user records, driver information, booking details, transaction histories, and location data.
The seller claims to have obtained the platform’s entire database and is offering the purported dataset for $25,000 through escrow. The listing alleges access to customer and driver contact information, email addresses, physical addresses, trip records, wallet balances, transaction data, and user location information.
The claims remain unverified. Wiyak had not issued any public statement at time of publication, and BreachNews could not independently verify the authenticity of the data or determine how the alleged access was obtained.
According to its website, Wiyak serves both consumers and business customers through ride-hailing, taxi, delivery, chauffeur, and last-mile logistics services across Kuwait. If authentic, the alleged exposure could affect both passengers and drivers as well as corporate transportation and delivery operations that rely on the platform.
Database samples accompany sale listing
The forum post includes multiple screenshots and database excerpts that appear to show records associated with Wiyak’s operations. The samples reference user account data, booking records, trip information, driver details, transaction logs, location history, and administrative platform data.
The posted excerpts allegedly contain information associated with riders and drivers, including contact details, booking metadata, trip coordinates, corporate account information, and operational records used by the platform.
BreachNews is not publishing the underlying records because they contain sensitive information belonging to individuals.
Attached screenshots suggest broad platform access
In addition to database excerpts, the seller shared screenshots appearing to show dozens of exported SQL and JSON files allegedly taken from Wiyak systems.
The filenames visible in the screenshots reference user accounts, driver records, booking addresses, booking invoices, corporate customer information, corporate transactions, payment requests, payment activity logs, driver bank details, user payment card records, driver shifts, restaurant partner records, authentication token data, webhook logs, address caches, tariff information, and administrative credentials.
Several screenshots also appear to show large transaction-related datasets and operational files that would typically be associated with backend platform management systems.
The screenshots below show file listings allegedly provided by the seller. The images appear to reference SQL database exports and administrative JSON datasets associated with user accounts, drivers, bookings, payments, pricing, dispatch operations, and platform administration. BreachNews reviewed the screenshots but is not publishing any underlying customer or driver records.
While the filenames alone do not prove the authenticity of the claim, they provide additional context supporting the seller’s assertion that they possess a significant collection of platform-related data.
Location and transportation records reportedly included
The seller specifically claims the dataset contains user location information, driver records, completed transaction data, and operational details related to platform activity.
Sample data reviewed by BreachNews appears to reference trip coordinates, pickup and destination information, booking records, dispatcher information, pricing data, and account metadata. If authentic, exposure of this type of information could create privacy risks for both customers and drivers.
The listing also claims access to driver information and contact details. Exposure of transportation platform records can increase the risk of phishing, social engineering, account takeover attempts, and fraud targeting affected users.
Verification remains outstanding
At the time of publication, BreachNews found no public statement from Wiyak addressing the claims.
The seller provided screenshots and sample data intended to support the alleged breach, but the origin and authenticity of the material remain unconfirmed. As with many underground marketplace listings, claims should be treated cautiously until independently verified or acknowledged by the affected organization.
Organizations that discover customer information exposed online often face elevated risks from phishing campaigns and credential-based attacks. Readers concerned about potential exposure can review our guide on how to respond when you receive a data breach notification.
