/dqc/media/agency_attachments/3bO5lX4bneNNijz3HbB7.jpg)
Follow Us/dqc/media/post_banners/wp-content/uploads/2017/05/zomato.jpg)
Zomato hacked, Company reaching out to users with security updates
Online restaurant guide and food ordering app Zomato is reaching out to 6.6 million users whose "hashed" passwords could be "theoretically decrypted" in order to get them to update their account security. The company reported on Thursday that about 17 million user records had been stolen from its database, which included user email addresses and hashed passwords but no payment information or credit card data.
"6.6 million users had password hashes in the 'leaked' data, which can be theoretically decrypted using brute force algorithms," Zomato said in a blog post.
A hashed password is series of random-looking characters used by companies for security reasons to protect users.
The company is reaching out to these users to get them to update their password on all services where they might have used the same password, it added.
According to the security update of Zomato, they have since already patched the vulnerability that led to this breach and have got the exposed data set delisted from public domain. As of now, they're actively working with cyber security experts to ensure all their systems are secure. Additionally, they are undertaking following steps -
- reaching out to all affected users to communicate the impact of the breach.
- As a precautionary measure to ensure extra security, changing all authentication credentials in the system.
- changing encryption algorithms to make it even more harder for someone to guess match passwords from the stored hash.
- adding safeguards to prevent any such incidents in the future.
Zomato said it was able to get in touch with the hacker, who had put the stolen user data up for sale. The hacker has agreed to destroy all copies of the stolen data and take the data off the dark web marketplace.
The start-up further said it will be introducing a bug bounty programme on Hackerone for security researchers very soon, which was the key demand of the hacker.
"The hacker has been very cooperative with us. He/she wanted us to acknowledge security vulnerabilities in our system and work with the ethical hacker community to plug the gaps," Zomato said.