The India’s largest online restaurant guide and food ordering app Zomato announced that seventeen million accounts of their users were stolen from its database this Thursday. The database includes emails and password hashes of Zomato users. Zomato added that they have reset the passwords of all stolen accounts and also logged them out of the app and website. The company also assured that the hashed passwords of the users cannot be decrypted or converted back into plain text in any manner. The company disclosed this attack in a blog post where they also mentioned that the payment details of their users attached to Zomato accounts are completely safe. The payment related information on Zomato is stored separately in a highly secure PCI data security standard (DSS) vault. So, the affected users don’t get worried about their payment related information as no any credit card data or payment information has been leaked.
It is not the first time this firm has been targeted in the hacking attack. In the year 2015, the company has encountered a hacking attack by a white hat hacker who reported the details to Zomato. But this time, the report said that the usernames and passwords are being sold online.
The firm added that over 120 million users visit the site per month. The company will be actively working to plug any more security gaps in its systems. The firm is now planning to improve and enhance their security measures for all user related information stored in their database. Gunjan Patidar, the Chief Technocrat of Zomato assured that they are now continuously working on adding the another layer of authorization for its internal teams. The aim of this is to avoid the possibility of any human breach in the future.