India's one of the most famous online restaurant guide and food delivery company, Zomato has admitted to a security breach on Thursday.
According to the Zomato's blog post, "About 17 million user records from our database were stolen. The stolen information has user email addresses and hashed passwords." While the company has total 120 million users.
However, the company has claimed that the data is safe, and the stolen information consists of just user email addresses and hashed passwords.
The company claims the password can't be decrypted and need not to worry. However, an attacker can crack the hashes. If you are using the same password anywhere else, it is not recommend to change their also.
The company claims the password can't be decrypted and need not to worry. However, an attacker can crack the hashes. If you are using the same password anywhere else, it is not recommend to change their also.
It has assured the users that "payment-related information on Zomato is stored separately from this (stolen) data in a highly secure PCI Data Security Standard (DSS) compliant vault. No payment information or credit card data has been stolen/leaked."
"As a precaution, we have reset the passwords for all affected users and logged them out of the app and website. Our team is actively scanning all possible breach vectors and closing any gaps in our environment." Zomato further added.
According to a report in security blog HackRead, "A hacker going by the online handle of 'nclay' is claiming to have hacked Zomato and selling the data of its 17 million registered users on a popular Dark Web marketplace."
Zomato has assured its users that they will further improve their security system so that no such cases will happen again.