On Thursday, May 18, Zomato confirmed that its website had been hacked and that account information, usernames and passwords, had been stolen for up to 17 million users. Zomato holds data on a total of 120 million users, of which 17 million records were stolen. The good news is that Zomato claims it has already reset all the affected accounts. The company said that its data is encrypted, which makes it harder to access, but there is still a chance of Zomato being hacked.
What Really Happened?
Zomato disclosed this attack in a blog post, where it mentioned that all users' payment data is stored separately in line with the PCI Data Security Standard (DSS). That data wasn’t hacked, and no payment information or debit/credit card information has been stolen. The company recovered before the matter went any further. In a mailed statement to NDTV, they said, “We can also confirm that we have found no evidence whatsoever of any of Zomato’s other systems or products being affected.”
Zomato also stated, “Over the next couple of days, we’ll be actively working to improve our security systems – we’ll be further enhancing security measures for all user information stored within our database, and will also add a layer of authorization for internal teams having access to this data to avoid any human breach.”
This isn’t the first time Zomato has been hacked. It was hacked before, in 2015, by a white hat hacker who reported the details to Zomato, but this time the stolen usernames and passwords are being sold online, as reported by NDTV.
In the same blog post, Zomato also mentions that it has reset the passwords of all affected users and that they have been logged out of their accounts and the website. The company says it is investing in finding the loopholes in this situation, and to them it looks like an internal security breach, which means either an employee has stolen these accounts or an employee's account was hacked. Zomato reassured users that all accounts are now safe and ready to be used again, normally.
We suggest that all Zomato users change their passwords right away and avoid keeping the same password for multiple sites, because it makes things easier for a hacker. You must have a password manager on your phone that manages and secures all your different passwords for various websites.
Read the full article by Gadgets 360 (an NDTV venture) here.