Do you order food on Zomato? Beware! Hackers may have stolen your data

Records of 17 mn users up for sale on the Dark Web; Zomato says users' payment info still secure

BS Web Team New Delhi
Last Updated : May 18 2017 | 12:33 PM IST
Zomato users should start taking steps to secure their personal information. According to a blog post by India's largest online restaurant guide, about 17 million user records have been stolen from its database. The stolen information, according to Zomato, contains user email addresses and hashed passwords.

So, how bad is the hack? The company claims that payment-related information is stored separately from the stolen data "in a highly secure PCI Data Security Standard (DSS) compliant vault". Zomato has claimed that no payment information or credit card data has been stolen or leaked. 

Also, the post claims that the hashed passwords cannot be converted or decrypted back to plain text, thereby preserving their "sanctity". However, the post advises users to change their passwords, especially if they use the same password for any other online services.

In fact, if you find yourself logged out of your Zomato app, do not panic. As a precaution, Zomato claims that it has reset the passwords for all affected users and logged them out of the app and website. The company claims: "Your credit card information on Zomato is fully secure, so there’s nothing to worry about there." 

According to security blog hackread.com, the stolen data is available for purchase on the Dark Web. Hackread claims to have found a vendor, going by the online handle “nclay”, who claims to be the hand behind the hack and is selling the data on a popular Dark Web marketplace.

According to the blog, the price set for the whole package is $1,001.43. Hackread tested the sample data made available by the self-proclaimed hacker and claims that the test showed that "each and every" account made available as part of the sample was indeed a legitimate Zomato account. 

Zomato claims that the leak looks like the result of an internal (human) security breach. The blog post says, "Some employee’s development account got compromised".
