While the company has admitted in its blog post that both usernames and hashed passwords were stolen by hackers, it has strongly advised its consumers to change their passwords. Whoever heard of a hacker doing a thing like that?
Zomato tried assuring users that payment information was safe.
Zomato, the restaurant discovery service and food ordering platform, was hacked, and the breach led to the theft of user details from about 17 million accounts. This included e-mail addresses and hashed passwords. Thankfully, credit card information was not stolen.
All the stolen information was put up for sale - as is usually the practice when someone steals a large amount of user account information - however, our thief turned out to have some noble motives.
While Zomato earlier speculated that this was an internal (human) security breach, meaning that some employee's development account had possibly been compromised, it has today updated its blog to say that this was actually the work of a hacker who wanted the platform to be aware of its loopholes.
Admitting that the hack was a sensitive matter, since 6.6 million users had password hashes in the leaked data that can theoretically be cracked using brute force algorithms, Zomato said: "We will be reaching out to these users to get them to update their password on all services where they might have used the same password".
According to a blogpost on the company's website, the "ethical hacker" - whose identity has been kept under wraps - simply wanted to expose the security vulnerabilities in the company's structure.
The company also confirmed its intentions of introducing a bug bounty program with its attendant rewards.
According to the blog post, the hacker has also agreed to take the data off the dark web and destroy all copies of the stolen information. "The marketplace link which was being used to sell the data on the dark web is no longer available".
The company has assured users that only 5 data points were accessed by the hacker - name, user ID, username, password hash with salt and email address.
"No other information was exposed to anyone". "This means your password can not be easily converted back to plain text". Security is very important for maintaining your customers' trust as well as their personal safety - and it should be dealt with as such.
This is not the first time that Zomato has been hacked.