ZOMATO REPORTS DATA THEFT OF 17 MILLION USERS; CARD DETAILS SAFE
PAYMENTRELATED INFORMATION WAS NOT STORED ALONG WITH THE STOLEN DATA, ZOMATO CLAIMS
Hackers have stolen 17 million user records from food technology start-up Zomato Media Pvt. Ltd, and according to one report, put them up for sale online. Zomato, India’s bestfunded food tech company, confirmed the breach, one of the biggest in a home-grown consumer Internet company.
“The reason you’re reading this blog post is because of a recent discovery by our security team. About 17 million user records from our database were stolen. The stolen information has user email addresses and hashed passwords,” Zomato’s chief technology officer Gunjan Patidar wrote on an official blog.
“We hash passwords with a one-way hashing algorithm, with multiple hashing iterations and individual salt per password. This means your password cannot be easily converted back to plain text. We however, strongly advise you to change your password for any other services where you are using the same password,” he added.
Zomato claimed that payment-related information was not stored along with the stolen data. “No payment information or credit card data has been stolen or leaked,” the blog post said.
The company has reset passwords for all affected users and logged them out of the app as a preventive measure. The com- pany also said that about 60% of its users, who log in to Zomato through Google or Facebook, are at “zero risk”.
A report on Hackread.com, however, said the stolen data is up for sale in the dark web, a part of the Internet accessed only with special software, rendering users and website operators almost untraceable. According to the Hackread report, a seller by the name “nclay” has offered to sell the stolen data from Zomato for about a thousand dollars.
It was not immediately clear if the stolen data pertains to users in India or globally. Zomato, which has raised about $225 million from the likes of Info Edge (India) Ltd, Vy Capital and Sequoia Capital, is one of the few Indian consumer Internet startups to have gone global. The company has operations in 24 countries, and claims to aggregate about 1.2 million restaurants.
This is not the first time Zomato data has been compromised. In June 2015, a hacker claimed to have hacked into the firm’s database to highlight technical flaws. The breach was acknowledged by Zomato and corrective actions taken.