Zomato suffers major security breach, 17 mn user records stolen

Zomata has suffered a major security breach with over 17 million user records stolen from the company’s data base. The stolen information has user email addresses and hashed passwords, the company confirmed in a blogpost today.

The food-tech company has ensured that “no payment or credit card information has been stolen/leaked” by the hacker. “Payment related information on Zomato is stored separately from this (stolen) data in a highly secure PCI Data Security Standard (DSS) compliant vault,” Zomato wrote on its blog.

“The hashed password cannot be converted/decrypted back to plain text - so the sanctity of your password is intact in case you use the same password for other services,” the firm added.

Although the passwords could still be safe, the company is encouraging its customers to change their account password, if used for any other services, to avoid risks.

As a precautionary measure, Zomato has reset the passwords for all affected users and logged them out of the app and website and is still trying to identify any possible breach vectors and gaps in the service’s ecosystem.

The firm has attributed an internal (human) error as the cause of the security breach where an employee’s development account got compromised.  

Over the next couple of days and weeks, the company will work towards plugging further security gap that they come across in its systems. This will include enhancing security measures for all user information stored within our database and adding a layer of authorisation for internal teams having access to this data to avoid the possibility of any human breach.