Skip to content
Tips? Soon
Support
Sign In Subscribe
Data Breaches

Indian Food Delivery App Deliware Allegedly Breached, Exposing User Data, Tokens, and Stripe Keys

 and  Dark Web Informer
10 min read
Breach Report India flagIndia Food Delivery

Indian Food Delivery App Deliware Allegedly Breached, Exposing User Data, Tokens, and Stripe Keys

A threat actor using the alias NightBroker has posted what they describe as the database of Deliware (deliware.app), an Indian food-delivery app serving restaurant owners, delivery drivers, and customers. The actor says the breach exploited an exposed demo administration panel and that the data mixes test and real customer, restaurant, and order records. The leak reportedly comprises six JSON files, including users.json (1,572 records), restaurants, orders, promo codes, and brands, plus an admin settings file said to contain Stripe API keys. The user records reportedly pair personal details (name, phone, email, date of birth, gender, registration address and geolocation) with authentication tokens, one-time passwords, password-reset keys, and payment references. The dataset's authenticity and scope are unverified.

Data1,572 users
AccessPoints-gated
CountryIndia flagIndia
ActorNightBroker

Post details

TargetDeliware (deliware.app), food delivery app
CountryIndia flagIndia
SectorFood Delivery / Tech
ClaimDatabase leaked (6 JSON files)
Data1,572 users + restaurants/orders + admin secrets
VectorExposed demo admin panel
ObservedJun 22, 2026
ActorNightBroker

!Allegedly included

  • 6 JSON files (users, orders, etc.)
  • 1,572 user records
  • Names, phones & emails
  • Dates of birth & gender
  • Registration address & geolocation
  • Auth tokens, OTPs & reset keys
  • Payment refs (card, Stripe IDs, wallet)
  • Stripe API keys (admin settings)

Screenshot

Deliware India alleged leak Screenshot 1 Screenshot 1 Redacted preview

Potential impact

This is a high-severity breach despite its modest size, because it allegedly exposes far more than user PII. The user records reportedly combine personal data (names, phone numbers, emails, dates of birth, and home registration addresses with geolocation) with account-takeover material: authentication tokens, one-time passwords, and password-reset keys. Most seriously, the leak is said to include an admin settings file containing Stripe API keys, which if live could enable direct payment fraud and unauthorized access to the payment processor, warranting immediate key rotation. Exposed auth tokens and reset keys similarly raise the risk of account hijacking. The actor notes the data mixes test and real records, so the true number of affected real users is unclear. No user records, tokens, secrets, API keys, or download links are reproduced here. The dataset's authenticity and scope are unverified.

iStatus

Unverified

Sample records and a download were posted to a forum behind a points paywall; the sample records, tokens, secrets, and download links are not reproduced here. If confirmed, the exposure of API keys and authentication tokens would warrant urgent credential rotation. The claim has not been independently confirmed and Deliware has not publicly addressed it.

Want the non-redacted screenshots? Paid subscribers get all of the claim details and unredacted screenshots. Check out the threat feed or ransomware feed (whichever applies to this post), then after subscribing, search there for this alert to view the unredacted version. View pricing →

DARK WEB INFORMER - THREAT INTELLIGENCE

Related

Latest