Restaurant-discovery and food ordering platform Zomato today admitted to an incident of hacking, which involved theft of over 17 million user credentials.
In a blog post, the company said: “About 17 million user records from our database were stolen. The stolen information has user email addresses and hashed passwords.”
In the post, it said hacked passwords cannot be converted into plain text and hence the password information of registered Zomato users are intact.
The company also urged its users to change their passwords just to be on the safe side.
“Payment related information on Zomato is stored separately from this (stolen) data in a highly secure PCI Data Security Standard (DSS) compliant vault. No payment information or credit card data has been stolen/leaked,” the blog post said. Read full blog post here
According to HackRead.com, a user going by the online name of “nclay” has claimed to have hacked Zomato.
It further said the user is selling the stolen data on a Dark Web marketplace.
The data includes emails and password hashes of registered users while the price set for the whole package is USD 1,001.43 (BTC 0.5587). BTC refers to bitcoins.
The team at Zomato was actively scanning all possible breach vectors and closing any gaps.