Zomato Leading Restaurant Guide in India Hacked
There has been a security breach at India's largest restaurant guide, Zomato. A blog post on the security blog HackRead says: “A vendor going by the online handle of ‘nclay’ is claiming to have hacked Zomato and selling the data of its 17 million registered users on a popular Dark Web marketplace.”
The report was later confirmed by the company, which admitted to the major security lapse in its own blog post. The blog post said: “The reason you’re reading this blog post is because of a recent discovery by our security team — about 17 million user records from our database were stolen. The stolen information has user email addresses and hashed passwords.”
The company has a strong user base of 120 million users and claims that the data is safe. The post assured users about the safety of their data, saying: “The hashed password cannot be converted/decrypted back to plain text – so the sanctity of your password is intact in case you use the same password for other services.” It further assured users by clarifying that payment-related data is stored separately in a highly secure PCI Data Security Standard (DSS) compliant vault, and that as a result no payment information or credit card data has been stolen or leaked.
Zomato has reset the passwords of all users whose passwords were compromised and has also logged them out of the app and website as a precautionary measure. Another team is actively scanning for any other possible breach vectors and sealing any further threats.
Zomato further said: “Our team is actively scanning all possible breach vectors and closing any gaps in our environment. So far, it looks like an internal (human) security breach – some employee’s development account got compromised.”
HackRead, in its blog, claims that the hacked data was worth $1001.43 and also presented samples from the collection to prove the legitimacy of the data.
HackRead goes on to mention that the sample data has been tested on the Zomato.com login page and that each and every account mentioned in the sample list exists on Zomato. The HackRead team has also sent password reset emails to some of the email addresses given in the data for further confirmation of the hacker's claims.
It was later confirmed that the data is ‘genuine’, as the email IDs turned out to be registered with Zomato.
Zomato was founded in 2008 by Deepinder Goyal and Pankaj Chaddah and operated in 23 countries including India, Australia and the United States.