
Zomato hacked, 17m users’ personal data leaked to the dark web

If you frequent the India-based restaurant and food review app Zomato, you should probably change your password immediately.

That’s the message conveyed in a blog post by the company on Thursday, after it announced that more than 10% of the company’s user records were stolen by a hacker.

“The reason you’re reading this blog post is because of a recent discovery by our security team – about 17 million user records from our database were stolen. The stolen information has user email addresses and hashed passwords,” it noted, adding that over 120-million people visit Zomato monthly.

For those who had their user information stolen, the company does offer a few comforts.

One, it has issued forced password updates to the users affected, meaning that users are now obligated to update their passwords to use the service.

Two, it has opened up communication channels with the person responsible for the hack.

17m of Zomato’s 120m monthly users were affected, but no financial information has been leaked

“The hacker has been very cooperative with us,” the company notes in a later blog post.

“He/she wanted us to acknowledge security vulnerabilities in our system and work with the ethical hacker community to plug the gaps. His/her key request was that we run a healthy bug bounty programme for security researchers.”

Zomato also states that it will introduce a bounty programme “very soon”.

“With that assurance, the hacker has in turn agreed to destroy all copies of the stolen data and take the data off the dark web marketplace. The marketplace link which was being used to sell the data on the dark web is no longer available,” it adds.

Beyond that though, Zomato remains “cautious and paranoid”.

“Please note that only 5 data points were exposed – user IDs, Names, Usernames, Email addresses, and Password Hashes with salt. No other information was exposed to anyone (we have a copy of the ‘leaked’ database with us). Your payment information is absolutely safe, and there’s no need to panic,” it concludes.

Even if you weren’t affected by the hack, Zomato suggests that you change your password as a precaution.

Author | Andy Walker: Editor
