While the company has admitted in its blog post that both usernames and hashed passwords were stolen by hackers, it has strongly advised its consumers to change their passwords. Whoever heard of a hacker doing a thing like that?
Zomato tried assuring users that payment information was safe.
Zomato, the restaurant discovery service and food ordering platform, was hacked, and the breach led to the theft of user details from about 17 million accounts. These included e-mail addresses and hashed passwords. Thankfully, credit card information was not stolen.
All the stolen information was put up for sale, as is usually the practice when someone steals a large amount of user account information. However, our thief turned out to have some noble motives.
Zomato had earlier speculated that this was an internal (human) security breach, meaning that some employee's development account possibly got compromised. Today the company updated its blog to say that this was actually the deed of a hacker who basically wanted the platform to be aware of its loopholes.
Admitting that the hack was a sensitive matter as 6.6 million users had password hashes in the leaked data, which can be theoretically decrypted using brute force algorithms, Zomato said: "We will be reaching out to these users to get them to update their password on all services where they might have used the same password".
According to a blogpost on the company's website, the "ethical hacker" - whose identity has been kept under wraps - simply wanted to expose the security vulnerabilities in the company's structure.
The company also confirmed its intentions of introducing a bug bounty program with its attendant rewards.
According to the blog post, the hacker has also agreed to take the data off the dark web and destroy all copies of the stolen information. "The marketplace link which was being used to sell the data on the dark web is no longer available".
The company has assured users that only 5 data points were accessed by the hacker: name, user ID, username, password hash with salt, and email address.
"No other information was exposed to anyone". "This means your password can not be easily converted back to plain text". Security is very important for maintaining your customers' trust as well as their personal safety, and it should be dealt with as such.
This is not the first time that Zomato has been hacked.