Zomato Announces Major Security Breach: 17 Million User Records Stolen
Online security has been in the spotlight for the past few days. WannaCry, a bug which hijacks files on computers and holds them to ransom has been spreading across the world, while closer to home, popular restaurant discovery and ordering platform, Zomato, has just reported a security breach.
The Security Notice
Four hours ago, on its blog, Zomato reported that about 17 million user records from the company’s database were stolen. The information includes email addresses and hashed passwords. However, the blog post states that no payment information or card data has been leaked as it is stored separately.
Zomato states that the breach was internal; an employee’s Zomato development account was compromised. Reportedly, a dark web vendor called ‘nclay’ claims to have stolen the data and is selling it on a Dark Web marketplace for 0.5587 bit coins (Rs.65,428.98).
Zomato has logged all its users out of its app and website and is asking them to change their passwords on any platforms which they use the same password, despite the fact that they used hashed passwords for their platform.
“Our team is actively scanning all possible breach vectors and closing any gaps in our environment,” says the blog post. “Over the next couple of days and weeks, we’ll be actively working to plug any more security gaps that we find in our systems,” it adds.
To round up the post, it says that it “regret(s) any disruption this may cause and appreciate your immediate attention to this information.”