Monday, 21 May 2018
Latest news
Main » Zomato reports data theft of 17 million users

Zomato reports data theft of 17 million users

19 May 2017

While the company has admitted in its blog post that both usernames and hashed passwords were stolen by hackers, it has strongly advised its consumers to change their passwords. Whoever heard of a hacker doing a thing like that?

Zomato tried assuring users that payment information was safe.

The restaurant discovery service and the food ordering platform Zomato was hacked with a security breach leading to the stealing of user details of about 17 million accounts. This included e-mails and hashed passwords. Thankfully, credit card information was not stolen.

All the stolen information was put up for sale - as is usually the practice when someone seals a large number of user account information - however, our thief turned to be out with some noble motives.

More news: Marcus Smart: John Wall wore down in Game 7 against Boston Celtics

While earlier Zomato speculated that this was an internal (human) security breach, which means possibly some employee's development account got compromised, Zomato has today updated its blog informing, this was actually a deed of a hacker, who basically wanted the platform to be aware of their loopholes.

Admitting that the hack was a sensitive matter as 6.6 million users had password hashes in the leaked data, which can be theoretically decrypted using brute force algorithms, Zomato said: "We will be reaching out to these users to get them to update their password on all services where they might have used the same password".

According to a blogpost on the company's website, the "ethical hacker" - whose identity has been kept under wraps - simply wanted to expose the security vulnerabilities in the company's structure.

The company also confirmed its intentions of introducing a bug bounty program with its attendant rewards.

More news: US imposes sanctions on Venezuela Supreme Court

According to the blog post, the hacker has also agreed to take the data off the dark web and destroy all copies of the stolen information. "The marketplace link which was being used to sell the data on the dark web is no longer available".

The company has assured only 5 data points were accessed by the hacker - name, user ID, username, password hash with salt and email address.

"No other information was exposed to anyone". "This means your password can not be easily converted back to plain text". Security is very important to maintain your customer's trust as well as their personal safety - and it should be dealt with as such.

This is not the first time that Zomato has been hacked.

More news: Leonardo DiCaprio And Nina Agdal Have Broken Up And We're Heartbroken

Zomato reports data theft of 17 million users