Two Large Data Leaks Surface

Two very different companies just landed in the same kind of trouble: a Saudi shopping and delivery platform reportedly had about 7 million user records exposed, and a Chilean workplace safety software company is dealing with a claimed 6.1 terabyte leak being offered for sale. The common thread is simple: one breach hits shoppers, the other can hit the companies that run mines and energy sites. (cyfirma.com) (zyght.com) Shukah is not a tiny side project. Its own site says it is an electronic platform that brings restaurants and shops together in one app so customers can browse menus, place orders, and use delivery services in Saudi Arabia. (shukah.com) The reported Shukah leak is large because consumer apps collect the same details over and over: names, phone numbers, addresses, order history, and login data. A 2025 Saudi cyber threat report from CYFIRMA described a Saudi retail-related dark web leak with more than 7 million records and sample data that included personal and transactional information such as full names, phone numbers, addresses, payment methods, and transaction details. (cyfirma.com) That kind of data does not need a credit card number to cause damage. A phone number plus an address plus a recent order can be enough for phishing messages that look real, fake delivery calls, account takeover attempts, or password-reset scams aimed at the same email used on other sites. (haveibeenpwned.com) (dehashed.com) Zyght sits in a different part of the economy. It sells cloud software for health, safety, and environmental management, and its own materials say it works with major mining companies in Chile and Latin America, including Codelco, SQM, Anglo American, Glencore in Peru, and Lundin Gold in Ecuador. (zyght.com 1) (zyght.com 2) Health, safety, and environmental software is the system companies use to track incidents, inspections, permits, risk reports, and compliance tasks. If that data leaks, the problem is not only employee privacy; it can also expose plant layouts, contractor lists, internal audits, and the paper trail around accidents and shutdown risks. (zyght.com 1) (zyght.com 2) Zyght’s reach also grew recently. The company says it was acquired by Australian mining software firm Datamine, which described itself as serving 6,000 companies, so a breach around Zyght is not just a local software story in northern Chile anymore. (zyght.com 1) (zyght.com 2) The size claim in the Zyght case matters because 6.1 terabytes is not a spreadsheet leak. At that scale, sellers on criminal forums are usually signaling bulk files like documents, exports, attachments, images, backups, or source material that buyers can mine later for credentials, contracts, and operational details. (ransomware.live) (dailydarkweb.net) These two cases show the same weak point from opposite ends. Consumer platforms expose millions of ordinary people at once, while industrial software vendors can expose a smaller number of companies but much deeper internal data, which is why attackers keep going after both retail apps and business software stacks. (cyfirma.com) (zyght.com) If you used Shukah, the practical move is to change your password anywhere you reused it and watch for fake delivery messages tied to your phone number. If your company uses Zyght or similar safety software, the urgent job is to rotate credentials, review third-party access, and assume that any uploaded compliance document or incident record could become public if the seller’s claim is real. (haveibeenpwned.com) (dehashed.com)