Zomato says 17 million user accounts hacked

Alain Brian
May 19, 2017

Zomato, an online food delivery service platform, suffered a massive cyber attack that led to the theft of data belonging to 17 million registered users, including their hashed passwords.

"The hashed password can not be converted/decrypted back to plain text - so the sanctity of your password is intact in case you use the same password for other services", the company said in a blog post, while urging users to use different passwords for different services.

It said that it believes the breach took place when an employee's development account was compromised, and that it is now adding additional security for internal teams who have access to customer data. However, Zomato did reassure users that the stolen data did not include any financial information.

The startup said the "hashed" passwords could not be decrypted but recommended users change their login details if they use the same password for other services.

Zomato has confirmed the theft in a blog post, stating that the stolen information includes names, email addresses and hashed passwords.

Zomato has also assured users that its security measures will be enhanced and that an extra layer of authorisation will be added for all internal users to secure the data.

In its apology to users, Zomato said, "We regret any disruption this may cause and appreciate your immediate attention to this information".

According to a report by The Economic Times, citing Hackeread.com, a user named nclay, who claims to be responsible for the hack, warns of selling the data on a dark web marketplace. That team is now busy "scanning all possible breach vectors", but Patidar notes that, on the glass-half-full side, all the thieves got were email addresses and encrypted passwords. India's largest online food guide app admitted on Thursday that usernames and hashed passwords were stolen by the attackers.

However, the company has asked users to change their passwords right away to stay safe, and not to use the same password for multiple sites; reusing one password across multiple sites is not a good idea.