If you’re a Zomato user, then this piece of news might be important to you.
The food delivery app announced today that it was recently hacked and that the security breach has compromised the data of over 17 million users on its network.
According to a security blog, Hackread, a vendor going by the online handle “nclay” claims to have hacked Zomato and is selling the data of its 17 million registered users on a popular Dark Web marketplace. The database, which includes emails and password hashes of registered Zomato users, is being sold for USD 1,001.43 (BTC 0.5587). The vendor also shared a trove of sample data to prove that the data is legitimate.
Zomato is largely unfazed by the whole chain of events and claims that, even though the usernames and hashed passwords were stolen by the attackers, the fact that the Zomato passwords were encrypted means that they will be harder to access. Experts, however, offer a different opinion. According to them, although it is a difficult task, such data does eventually get cracked.
Though the company has said it is confident that there is nothing to worry about, it has strongly recommended that its users change their password on any other services where they are using the same password.
In a blog post on the security breach, the company has also assured users that all of its customers' payment data is stored separately from the stolen data, and that no payment information or credit card data has been stolen. The blog post reads, “Your credit card information on Zomato is fully secure, so there’s nothing to worry about there.”
As a precaution, the food delivery app has reset the passwords for all affected users and logged them out of the app and website. The company’s security team is actively scanning all possible breach vectors and closing any gaps that might be present in its environment. According to the company, its preliminary investigation points towards an internal (human) security breach, possibly a compromised development account belonging to one of its employees.
Interestingly, this isn’t the first time that Zomato has been hacked. The food delivery app was previously hacked two years ago by an Indian ethical hacker, Anand Prakash, who not only discovered a critical security flaw in the app’s data recall system but also informed the company about it.