Zomato, the leading online restaurant guide on Thursday admitted that about 17 million user records from its database were hacked. The...
Zomato, the leading online restaurant guide on Thursday admitted that about 17 million user records from its database were hacked. The stolen database includes user email addresses and hashed passwords.
"The hashed password cannot be converted/decrypted back to plain text - so the sanctity of your password is intact in case you use the same password for other services. But if you are paranoid about security like us, we encourage you to change your password for any other services where you are using the same password," the company explains on its official blog.If a report by Hackread is to be believed then a dark web vendor that goes by the handle "nclay" have claimed to hack Zomato. The stolen data is being sold a popular Dark Web marketplace. The report notes that the price of the entire stolen data is worth 0.5587 bitcoins which is equivalent to Rs 65418.98.
Meanwhile, Zomato on its blogpost has assured that the payment related information on Zomato is stored separately by a secured by a top-notch security standard vault. " Payment related information on Zomato is stored separately from this (stolen) data in a highly secure PCI Data Security Standard (DSS) compliant vault. No payment information or credit card data has been stolen/leaked."
The company has mentioned that it has reset the passwords for all the stolen accounts and also logged out all these users of the app and website. " Our team is actively scanning all possible breach vectors and closing any gaps in our environment. So far, it looks like an internal (human) security breach - some employee's development account got compromised."The company has informed that it will upgrade the security measures for all user information stored within our database and also add a layer of authorisation for internal teams having access to this data to avoid the possibility of any human breach.This isn't the first time that Zomato accounts have been compromised. The company also encountered a hacking attack in 2015 when its 62.5 million users data was stolen.
COMMENTS