Zomato Hacked, 17 Million User Records Stolen; Claims Payments Data Is Safe
Zomato on Thursday admitted to a major security breach, where around 17 million user records – out of the company’s 120 million users – were stolen from its database. According to the company, usernames and hashed passwords were stolen by the attackers – the fact that the passwords were encrypted means that they will be harder to access, but such troves of data do eventually get cracked, so a sensible move would be to change your Zomato password right away, and also to change it on any site where you use the same passwords. At the same time, we must also remind our users that using the same passwords across multiple sites is a really bad idea, so if you’re doing that anywhere, please change your passwords, and get a password manager.
Coming back to Zomato, the company disclosed the attack in a blog post, where it also mentioned that all payment data is stored separately from the stolen data, and that no payment information or credit card data has been stolen. In a mailed statement, the company added that All payment information on Zomato is stored in a highly secure PCI Data Security Standard (DSS) compliant vault. It added: “We can also confirm that we have found no evidence whatsoever of any of Zomato’s other systems or products being affected.”
This is not the first time that Zomato has been targeted in a hacking attack. In 2015, the company was hacked by a white hat hacker who reported the details to Zomato, which addressed the weaknesses, according to reports. This time however, a report says that the stolen usernames and passwords are being sold online.
[“source-ndtv”]