ADVERTISEMENTREMOVE AD

Zomato Hacked: Is Data of 17 Million Users Being Sold on Dark Web?

Payment details have not been compromised, Zomato said.

Updated
story-hero-img
i
Aa
Aa
Small
Aa
Medium
Aa
Large

Zomato users were in for a shock on 18 May after the food delivery app announced that the data of over 17 million users on its network had been compromised.

Hackread, a security blog, has now claimed that a vendor going by the name “nclay” is said to be behind the hack and is selling the data on the Dark Web.

The database includes emails and password hashes of Zomato users, while the price set for the whole package is $1,001.43 (Bitcoins 0.5587). The vendor also shared a trove of sample data to prove it is legit.
ADVERTISEMENTREMOVE AD

Email-address and hashed password were stolen, Zomato revealed, adding that they had reset passwords of the users who have lost data to the hack.

The reason you’re reading this blog post is because of a recent discovery by our security team – about 17 million user records from our database were stolen. The stolen information has user email addresses and hashed passwords.
Zomato, in a blog post

However, the company was quick to inform users that all payment details attached to Zomato accounts are safe.

Payment related information on Zomato is stored separately from this (stolen) data in a highly secure PCI Data Security Standard (DSS) compliant vault. No payment information or credit card data has been stolen/leaked.
Zomato, in a blog post

Zomato said that over the next few days, they would work to strengthen their security back-end, which could lead to temporary disruption. The app has also assured users that passwords cannot be converted to plain text owing to its hashed nature.

Over the next couple of days and weeks, we’ll be actively working to plug any more security gaps that we find in our systems. We regret any disruption this may cause and appreciate your immediate attention to this information
Zomato, in a blog post

Zomato is the latest in a number of hacks, with the ransomware attack still looming large. The company has not revealed the details of the hackers for now.

Losing out on data of over 17 million users is not a good sign, especially for a platform which houses over 120 million users in the country.

(At The Quint, we question everything. Play an active role in shaping our journalism by becoming a member today.)

Published: 
Speaking truth to power requires allies like you.
Become a Member
×
×