Saturday, 27 May 2017

Zomato reports theft of 17 m users' data

19 May 2017

It wasn't immediately clear whether this 6.6 million was part of the 17 million records stolen.

"So far, it looks like an internal (human) security breach - some employee's development account got compromised", the company said in a blog post, without providing further details.

The company was also careful to say that the data was not hacked or stolen but compromised.

According to information shared on HackRead.com, a user by the name of "nclay" claimed to have hacked Zomato.

They went on to say that they were working to improve security and that they would be "actively working to plug any more security gaps that we find in our systems" in the coming days and weeks. The hacker's key request, Zomato said, was that the company run a healthy bug bounty program for security researchers.

Following the events, Zomato is going to announce a bug bounty program on HackerOne.

Close to 120 million users visit the Zomato website for queries and ordering of food.

Andre Stewart, VP EMEA at Netskope, warned that data breaches of this sort can often create a risky domino effect of further breaches. MediaNama was not able to independently verify this. "Along with this, the MD5 hashing algorithm is outdated and has been superseded by more cryptographically secure hashing algorithms". This puts users at risk, since the hashed passwords stored in Zomato's database can easily be converted back into readable form.

Zomato has assured its users that their payment-related information is stored separately from the stolen data in a highly secure data security standard (DSS) compliant vault, and that no payment information or credit card data has been stolen by the hackers. "Your payment information is absolutely safe and there's no need to panic", Zomato said in a statement.

Zomato said that no money has changed hands and that it has been in communication with the hacker.

The above cryptographic method is required to help reduce the effectiveness of a brute-force attack or dictionary attack, a password-cracking method that tries one candidate combination of letters, characters and numbers after another until the entire password is matched. The hacker also provided all the details of how he or she got access to the database.

"Technically what they are saying is correct, i.e. a hashed password can not be decrypted, but what they aren't saying is - it is technically possible to break the hashing algorithm to guess the passwords". We are yet to hear back from them.
