Nearly 17 mn Zomato usernames, passwords stolen

About 17 million Zomato user records were stolen from their database which includes email addresses and hashed passwords, the company said on Thursday.

"No payment information or credit card data has been stolen/leaked. Payment related information on Zomato is stored separately from this (stolen) data in a highly secure PCI Data Security Standard (DSS) compliant vault," Zomato said in a blog post on Thursday.

So far, it looks like an internal (human) security breach -- some employee's development account got compromised, the post added.

As a precaution, the company has reset the passwords for all affected users and logged them out of the app and website.

The team at Zomato was actively scanning all possible breach vectors and closing any gaps.

The hashed password cannot be converted/decrypted back to plain text -- so the sanctity of password is intact in case users' use the same password for other services.

"But if you are paranoid about security like us, we encourage you to change your password for any other services where you are using the same password," the post read.

"Over the next couple of days and weeks, tha company will further enhance security measures for all user information stored within our database and will add a layer of authorisation for internal teams having access to this data to avoid the possibility of any human breach," Zomato said.

This is not the first time that Zomato has been hacked.

In 2015, the company was hacked by a white hat hacker who reported the details back to the company which later addressed the weaknesses.

This time, the details may be sold online.

--IANS

anuj/na/vm