Foodie app Zomato hacked, data from 17 million users stolen
- Author: Delia Davidson
May 22, 2017, 8:08
Of the 17 million users affected, 6.6 million had password hashes in the stolen data, which can be cracked using brute-force attacks.
Zomato tried assuring users that payment information was safe. "We were able to access user names, email IDs, addresses and history of transactions. We highlighted this to Zomato but we have not heard from them", said Karthick Vigneshwar, director, infySEC. Some of the responses are just adorable!
As a security measure, all the passwords of the involved Zomato accounts were reset and all of the accounts were forcibly logged out from the application and website.
That's the message conveyed in a blog post by the company on Thursday, after it announced that more than 10% of the company's user records were stolen by a hacker.
Zomato says 17 million user records were taken from its database. He/she wanted us to acknowledge security vulnerabilities in our system and...plug the gaps.
According to Zomato, the person behind the hack came forward and told them exactly how they did it, and agreed to delete the data in exchange for the company setting up a bounty programme for security researchers. But this particular incident was resolved when the hacker agreed to remove the listing on the condition that the victim introduces a bug bounty program.
The Zomato hack comes within days of the "WannaCry" ransomware attack that paralysed computers across the world and disrupted the operations of organisations such as Renault, British hospitals and German railways. Zomato has had an account on the HackerOne disclosure service for over a year, and will now start paying people who report security issues.
Finally, share this news with fellow Zomato users so that they are aware and can take the security steps needed to keep their accounts safe. The company, however, claims that there was no evidence that the hackers had gained entry to its vault holding financial and/or credit card information.
"60% of users use Google/FB for logging in to Zomato".
It added that because the passwords are hashed - converted into a meaningless string of numbers that bears no relation to the actual password - the hackers will be unable to access them.
And the Indian firm, which boasts 120 million user visits a month, said that the loophole that allowed the exploit to happen has been plugged to prevent any further data leaks.