Online restaurant guide and food ordering service Zomato on Thursday said about 17 million user records have been stolen from its database.
The stolen information contains user email addresses and ‘hashed’ passwords but no payment information or credit card data has been stolen/leaked, Zomato said in a blog post.
A user by the name of ‘nclay’ has claimed to hack India’s online food delivery app Zomato. The security breach saw more than 17 million user records stolen from Zomato’s database.
The stolen information has email addresses and hashed passwords of customers.
As per Hackeread.com, nclay is willing to sell data pertaining to 17 million registered users on a popular Dark Web marketplace with the price set for the whole package at $1,001.43 (0.5587 bitcoins).
Hashing turns an original password into an incoherent set of characters, bringing down the possibility of it being easily converted back to plain text. Although in theory, the password may still be safe, Zomato is encouraging its users to change that password if used for any other services.
“Payment related information on Zomato is stored separately from this (stolen) data in a highly secure PCI Data Security Standard (DSS) compliant vault,” Zomato stated in its blog.
“Since we have reset the passwords, affected users’ zomato account as well as credit card information is secure, so there is nothing to worry about there,” the blog read.
Zomato has termed the hacking a human error as the cause of the security breach where an employee’s development account got compromised.