Indian restaurant search and discovery giant Zomato announced that 17 million
user records were stolen from its database.
account information (including name, email address and hashed password) of
millions of users were compromised.
related disasters in the recent times.
a precaution, we have reset the passwords for all affected users and logged
them out of the app and website. Our team is actively scanning all possible
breach vectors and closing any gaps in our environment. So far, it looks like
an internal (human) security breach — some employee’s development account got
passwords of the users cannot be decrypted or converted back into plain text in
any way. Meanwhile, it also encourages users who share the same password across
other platforms to change those passwords as well, for complete security.
related information on Zomato is ‘stored separately’ in a highly secure PCI
Data Security Standard (DSS) vault. It further asserted that no payment
information or credit card detail had been stolen/leaked, adding that it was
actively working to plug any more security gaps that it may find in its system.
internal security measures for all user related information stored in its
database. The company's Chief Technocrat, Gunjan Patidar, who is also the
author of this blog post, assured that they are working on adding another layer
of authorisation for its internal teams. This is aimed at avoiding the
possibility of any future human breach.