Zomato security breach: 17 million user records stolen
The company has asked all its users to change their passwords immediately and assured that payment data was secure
In a massive security breach, 17 million user records from Zomato were stolen. India's largest online food guide app on Thursday admitted that usernames and hashed passwords were stolen by the attackers. The company has asked users to change their passwords right away.
"The hashed passwords cannot be converted/decrypted back to plain text - so the sanctity of your password is intact in case you use the same password for other services. But if you are paranoid about security like us, we encourage you to change your password for any other services where you are using the same password," the blog said. An important note put out by Zomato read, "Payment related information on Zomato is stored separately from this (stolen) data in a highly secure PCI Data Security Standard (DSS) compliant vault. No payment information or credit card data has been stolen/leaked."
The food guide giant maintained that all payment data is stored separately from the stolen data and that no payment information or credit card data has been stolen. In a statement that was sent through e-mails, the company added that "All payment information on Zomato is stored in a highly secure PCI Data Security Standard (DSS) compliant vault". "We can also confirm that we have found no evidence whatsoever of any of Zomato's other systems or products being affected," the statement read.
This would not be the first time that Zomato has been targetted by hackers. In 2015, the company's site was hacked and the hacker reported the details to Zomato, which addressed the weaknesses. Data including passwords and usernames that has been stolen from the company's database this time around, reports suggests, is being sold online. Hackers are selling the data for fixed prices on the dark net.
Zomato in its blog has mentioned that it has reset passwords for all affected users and logged them out of the app and website. Investigations are underway to identify the breach to close gaps. The company claimed that it looked like an internal breach and either an employees details were stolen or an employee caused the security breach.
Zomato reassured its users that accounts have been secured and that the payment information was saved separately, reiterating that there was no need for concern. "Over the next couple of days, we'll be actively working to improve our security systems - we'll be further enhancing security measures for all user information stored within our database, and will also add a layer of authorization for internal teams having access to this data to avoid any human breach," Zomato stated.
OneIndia News
-
Thunderstorm Warning In Delhi NCR: IMD Issues Orange Alert Amid Sudden Weather Shift -
UP STF Nabs Maulana Abdullah Salim Over Controversial Comment On CM Yogi's Mother -
Masood Azhar’s Brother Mohammad Tahir Dies In Pakistan Under Mysterious Circumstances, Cause Yet To Be Known -
VerSe Innovation Appoints P.R. Ramesh as Independent Director and Chair of Audit Committee to Strengthen Governance Ahead of Next Phase of Growth -
“Not Going To Be There Too Much Longer”: Trump Signals Endgame In Iran War -
Iran Threatens To Hit US Companies in Region From April 1, Names Microsoft, Apple, Tesla, Boeing -
‘IPL Official’ Found Dead in Mumbai Hotel, Probe Underway -
Leander Paes To Contest West Bengal Assembly Elections 2026? Tennis Star Joins BJP Ahead of Assembly Polls -
April 1 Rule Changes: PAN, New Tax Law, ATM, FASTag, Cards to Impact Millions, What’s Changing? -
China, Pakistan Call for Immediate Ceasefire in Iran War, Push Peace Talks ‘As Soon As Possible’ -
Iran’s New Hormuz Plan Targets Global Shipping with Tolls, What Does It Mean? -
Are Banks Closed or Open Today on Mahavir Jayanti? RBI Issues Special March 31 Instructions
Click it and Unblock the Notifications
Sign in with Google