Zomato hacked: 17 Million User Data Stolen in a Security Breach
Zomato has suffered a security breach with over 17 million user records stolen
from the food-tech company's database. The stolen information includes email
addresses and hashed passwords of customers.
According to Hackeread.com, a user by the name of "nclay" claimed to have hacked Zomato and was willing to sell data pertaining to 17 million registered users on a popular Dark Web marketplace.
This included emails and password hashes of registered Zomato users
with the price set for the whole package at $1,001.43 (BTC 0.5587) - BTC
here stands for Bitcoins. Hackeread adds the vendor also published data
and evidence to prove it was genuine.
Hashing turns an original password into an incoherent string of characters, reducing the possibility of it being easily converted back to plain text. Although in theory the password may still be safe, Zomato is encouraging its users to change that password if they use it for any other services.
Amid the news of the leak, no payment information or credit card data has been stolen, according to a blogpost by the company. 'Payment related information on Zomato is stored separately from this (stolen) data in a highly secure PCI Data Security Standard (DSS) compliant vault,' it states.
Despite assurances that increased precautions had been taken to safeguard users' data, the company, as a preventive measure, has reset the passwords for all affected users and logged them out of its app and website. 'Since we have reset the passwords, affected users' zomato account as well as credit card information is secure, so there is nothing to worry about there.'
In the blogpost, Zomato has attributed the security breach to human error,
saying an employee’s development account got compromised.
'Our team is actively scanning all possible breach vectors and closing
any gaps in our environment,' the blog stated.
Over the next couple of weeks, the company will reportedly work towards plugging further security gaps - if any - in its systems. This will include adding a layer of authorisation for internal teams having access to such data to avoid the possibility of any human breach.
"Over the next couple of days, we’ll be actively working to improve our
security systems - we’ll be further enhancing security measures for all
user information stored within our database, and will also add a layer
of authorization for internal teams having access to this data to avoid
any human breach," Zomato stated.