17 million user data stolen from Zomato

New Delhi, India, May 18, 2017- According to latest media reports,
Indian restaurant search and discovery giant Zomato announced that 17 million
user records were stolen from its database.

In a Blog post by Zomato said that
account information (including name, email address and hashed password) of
millions of users were compromised.

This is one of the most shocking IT security
related disasters in the recent times.

The company wrote in the blog post- “As
a precaution, we have reset the passwords for all affected users and logged
them out of the app and website. Our team is actively scanning all possible
breach vectors and closing any gaps in our environment. So far, it looks like
an internal (human) security breach — some employee’s development account got

Zomato assures that the hashed
passwords of the users cannot be decrypted or converted back into plain text in
any way. Meanwhile, it also encourages users sharing the same password across
other platforms to change their passwords for complete security promise.

The firm further said that payment
related information on Zomato is ‘stored separately’ in a highly secure PCI
Data Security Standard (DSS) vault. It further asserted that no payment
information or credit card detail had been stolen/leaked, adding that it was
actively working to plug any more security gaps that it may find in its system.

Zomato now plans to enhance its
internal security measures for all user related information stored in its
database. Also, the Chief Technocrat of the company, Gunjan Patidar, also the
author of this blog post, assured that they are working on adding another layer
of authorisation for its internal teams. This is aimed at avoiding the
possibility of any future human breach.

Source- News18.com