Aric Toler, of Bellingcat, explored leaked data from Yandex’s food delivery division to uncover plenty of orders from Russian intelligence officers:
Steady streams of data flow out of Russia for a number of reasons, but the most obvious include petty corruption, pervasive human error and the state’s own comprehensive surveillance laws being turned against them.
Following the “Yarovaya Laws” being adopted in 2016, Russian telecom operators were required to maintain customer data. This data was intended just for the security services to use, but is also often illicitly sold to online buyers. Thus, a law meant to strengthen the FSB and other security services has been used against them when Bellingcat and other investigative outlets acquire the retained telecom data of FSB officers to reveal wrongdoing.
Other delivery apps could — and should — dispose of this data immediately, but those in Russia are obligated to retain it. It turns out that police states face exactly the same vulnerabilities as anywhere else, but their policies ensure greater liabilities.