India’s largest food discovery and ordering platform zomato has suffered a security breach with over 17 million user records stolen and now being sold on the dark web. The stolen information has email addresses and hashed passwords of customers. Meanwhile, company disclosed attack in blog past : "The reason you’re reading this blog post is because of a recent discovery by our security team - about 17 million user records from our database were stolen. The stolen information has user email addresses and hashed passwords. The hashed password cannot be converted/decrypted back to plain text - so the sanctity of your password is intact in case you use the same password for other services. But if you are paranoid about security like us, we encourage you to change your password for any other services where you are using the same password." The company assured that no payment information or credit card data has been stolen and all payment data is stored separately from the stolen data in a highly secure PCI Data Security Standard (DSS) compliant vault. As a precaution, the passwords for all affected users have been reset and logged them out of the app and website. Zomato also said that over the next couple of days and weeks, they would be actively working to find any more security gaps in their systems, which could lead to temporary disruption. They will further enhance the security measures for all user information stored in their database, and an additional layer of authorization will be added to internal teams who have access to the data.
Disclaimer:
Secure Reading has no confirmed sources for the information shared in the above news/articles. It relies on various unconfirmed inputs, social media claims, and websites for its content, and cannot guarantee the accuracy, timeliness, and genuineness of the same. If there is any error in the news, and once it is brought up to our attention with relevant evidence, Secure Reading is willing to make necessary corrections as applicable.