Nearly 17 mn Zomato usernames, passwords stolen


New Delhi, May 18 (IANS): About 17 million Zomato user records, including email addresses and hashed passwords, were stolen from the company's database, the company said on Thursday.

"No payment information or credit card data has been stolen/leaked. Payment related information on Zomato is stored separately from this (stolen) data in a highly secure PCI Data Security Standard (DSS) compliant vault," Zomato said in a blog post on Thursday.

So far, it looks like an internal (human) security breach -- some employee's development account got compromised, the post added.

As a precaution, the company has reset the passwords for all affected users and logged them out of the app and website.

The team at Zomato was actively scanning all possible breach vectors and closing any gaps.

The hashed password cannot be converted/decrypted back to plain text -- so the sanctity of the password is intact in case users use the same password for other services.

"But if you are paranoid about security like us, we encourage you to change your password for any other services where you are using the same password," the post read.

"Over the next couple of days and weeks, the company will further enhance security measures for all user information stored within our database and will add a layer of authorisation for internal teams having access to this data to avoid the possibility of any human breach," Zomato said.

This is not the first time that Zomato has been hacked.

In 2015, the company was hacked by a white hat hacker who reported the details back to the company, which later addressed the weaknesses.

This time, the details may be sold online.

  
