Zomato Hacked: Are Users' Email Addresses and Passwords Safe?
A recent major hacking incident has compromised at least 17 million user records on the popular online restaurant search and food delivery platform Zomato. This has raised concerns among members about the safety of their emails and corresponding passwords.
In a Security Notice Update posted on Thursday, May 18, on their official blog, Zomato informed its members that user emails and hashed passwords have just been stolen from their database. They went on to assure everyone that they have immediately taken the necessary steps to contain the situation.
Zomato has also emphasized that only five data points have been compromised by the attack, namely user IDs, names, usernames, email addresses, and password hashes with salt. Aside from these, no other information has been exposed, and the privacy of the members' payment information has remained intact.
The company explained in a press release that investigations into the breach yielded no evidence of unauthorized access to the members' financial information. This is because payment-related information is stored in a highly secure PCI Data Security Standard (DSS)-compliant vault that is separate from the stolen data.
However, to further ensure the safety of their accounts, Zomato has also advised their members to reset their passwords right away.
Moreover, Daily News & Analysis has posted a list of things that Zomato members should do in order to protect their Zomato and other online accounts. Members should make sure to check that their account details like delivery address, contact number, etc., have not been altered. It also pays to make sure that the Zomato account has not given authorization to any third-party apps.
Additionally, members who use the same password across multiple online accounts are also advised to reset their password on these accounts as well. De-authorizing all social-media apps that have been connected to the Zomato account is also an ideal step to take. Informing friends that one has been hacked can also ensure that others do not fall victim to suspicious emails coming from someone they know.
The breach was reportedly orchestrated by a user named "nclay" who then went on to try and sell the data on the Dark Web for $1,001.43.
Zomato has since contacted the said hacker, who they claimed has been very cooperative and even promised to destroy all copies of the stolen data and take it off the Dark Web market in exchange for the assurance that Zomato runs "a healthy bug bounty program for security researchers."