Zomato Hacked: 17 Million User Records Stolen, 6.6 Million User Passwords Leaked

On the heels of the global “WannaCry” cyber attack last weekend, the popular online food delivery and restaurant app, Zomato, announced that 17 million user records had been stolen from its database, of which 6.6 million were listed for sale on a “dark web marketplace,” according to CNET.

Over 120 million individuals visit Zomato every month to find the best food their city has to offer. The startup covers more than one million eateries across 24 countries. Names, email addresses, and hashed passwords were stolen from its database.

“About 17 million user records from our database were stolen. The stolen information has user email addresses and hashed passwords.”

On Thursday, the Indian startup boasted that over 120 million users visit Zomato every month.

“When Zomato users trust us with their personal information, they naturally expect the information to be safeguarded. And that’s something we do diligently, without fail. We take cyber security very seriously – if you’ve been a regular at Zomato for years, you’d agree.”

The company, which competes with Yelp, reassured those affected by the security breach that no payment information or credit card details had been stolen. In addition to this, the Zomato security blog said there is not an immediate danger as the hacker agreed not to sell the data.

“The hacker has been very cooperative with us. They wanted us to acknowledge security vulnerabilities in our system and work with the ethical hacker community to plug the gaps.”

Zomato, a company based in India, offers services in more than 20 countries around the world.

“We are introducing a bug bounty program on Hackerone very soon… With that assurance, the hacker has, in turn, agreed to destroy all copies of the stolen data and take the data off the dark web marketplace.”

The “WannaCry” cyber attack is the world’s biggest ransomware attack to date. The massive global cyber attack affected 200,000 computers in 150 countries. The WannaCry ransomware started taking over affected users’ files last Friday and demanded at least $300 to restore access. Analysts at BBC said three accounts linked to the ransom demands suggested about $38,000 had been paid by last Monday morning.

Many wondered who’s behind the ransomware known as “WannaCry,” “Wanna Decryptor,” or “WannaCrypt.” A security researcher found evidence linking the malware to a North Korean operation known as the Lazarus Group.

Zomato stated that 60 percent of its 17 million user records are tied to social log-in via Google or Facebook and therefore weren’t impacted by the hack, according to TechCrunch and tweets by Zomato.

The service provider’s Chief Technical Officer, Deepinder Goyal, reassured customers that their credit card information is, in fact, safe.

“Your credit card info, and your addresses are fully safe and secure. (I still have my card on file on Zomato.)”

The company claimed that the passwords that were stolen “cannot be easily converted back to plain text.” However, Motherboard and other security experts had no problem converting a sample of the data provided by the hacker back into the original passwords.

Security experts were not very impressed with Zomato’s security measures. The massive security breach is simply a reminder that many large companies do not have adequate security measures in place to protect users.

Though some may disagree, Zomato has been valued at $1 billion and has raised more than $240 million from investors to date, according to TechCrunch, so the company should have no excuse for a weak security system.

The Zomato website apologized for any disruption the security breach may cause and asked for users’ immediate attention to the information. Any questions or concerns can be sent by email to Zomato’s security team.
