More than 1.7 crore users of Zomato are in for a surprise when the company said its website has been hacked and all the data was stolen, sending shockwaves across all its users who had trusted the food comparison and facilitator.
In a security notice, Zomato said, “The reason you’re reading this blog post is because of a recent discovery by our security team – about 17 million user records from our database were stolen. The stolen information has user email addresses and hashed passwords.”
It stated that since the hashed password cannot be converted/decrypted back to plain text, the sanctity of users’ password is intact but advised them to change the password if they use similar one in other places and online purchases.
Since payment related information on Zomato is stored separately from the stolen data in a highly secure PCI Data Security Standard (DSS) compliant vault, no payment information or credit card data has been stolen/leaked, said Zomato in its press release.
Here is what Zomato said:
“As a precaution, we have reset the passwords for all affected users and logged them out of the app and website. Our team is actively scanning all possible breach vectors and closing any gaps in our environment. So far, it looks like an internal (human) security breach – some employee’s development account got compromised,” said Gunjan Patidar of Zomato who had posted the security notice.
How can this stolen information be misused?
Zomato said, “Since we have reset the passwords for all affected users and logged them out of the app and website, your zomato account is secure. Your credit card information on Zomato is fully secure, so there’s nothing to worry about there.”
Over the next couple of days and weeks, Zomato said it will work to plug any more security gaps in their systems and further enhance their security measures for all user information stored within their database. “A layer of authorisation will be added for internal teams having access to this data to avoid the possibility of any human breach,” said Zomato.
In its apology to users, Zomato said, “We regret any disruption this may cause and appreciate your immediate attention to this information. If you have queries/concerns, please do not hesitate to contact our security team by sending an email directly to email@example.com and we’ll reach out to you right away.”