Zomato Breach: 17 Million User Database Compromised

The popular food-tech company, Zomato recently suffered a security breach. The hacker is said to have stolen around 17 million accounts of user database.

According to Hackeread.com, a hacker with the username ‘nclay’ has claimed to hack Zomato and was trying to sell the huge database on a popular Dark Web marketplace.  The data includes emails and hashed passwords of registered users. The whole package was to be sold for $1,001.43 i.e. BTC 0.5587 (Bitcoins).

The hacker also shared a chunk of the database to prove it was legit.

Whereas in an official blogpost, Zomato has assured that no information related to payments or credit/debit cards was leaked.

Gunjan Patidar, Chief Technology Officer, Zomato, in his blogpost has advised users to change passwords, especially if the same password is used on other services. Apart from this, it has been assured to all the customers that the payment related information is stored separately and in a highly secure PCI Data Security Standard (DSS) compliant vault.

He further added on the blogpost, “For the next few weeks, we will be further enhancing security measures for all user information stored within our database. A layer of authorization will be added for internal teams having access to this data to avoid the possibility of any human breach.”

On this, Prashant Mali, International Cyber Law and Cyber Security Expert quoted, "Each user account had associated with it a phone number, address, and an email id. The hack, if proven, can be a failure to protect personal data by Zomato making it liable under Section 43A of Indian IT Act, to pay compensation to its users," as stated on Moneycontrol.com.