Online restaurant search service Zomato has been hacked with over 17 million user records stolen from the company’s database.
The recent security breach has compromised the details pertaining to email addresses and hashed passwords of the customers, reported The Economic Times.
According to Hackeread.com, a news platform that centres on InfoSec, Cyber Crime, Privacy, Surveillance, and Hacking, a user by the name of “nclay” claimed to have hacked Zomato and was willing to sell data pertaining to 17 million registered users on a popular Dark Web marketplace.
Post the developments, Zomato is encouraging its users to change that password if used for any other services.
Despite assurances that increased levels of precautions were made to safeguard users’ data, the company, as a preventive measure, has reset the passwords for all affected users and logged them out of its app and website. “Since we have reset the passwords, affected users’ Zomato account as well as credit card information is secure, so there is nothing to worry about there,” said Zomato.
In the blogpost, Zomato has attributed human error as the cause of the security breach where an employee’s development account got compromised. “Our team is actively scanning all possible breach vectors and closing any gaps in our environment,” the blog stated.
Over the next couple of weeks, the company will reportedly work towards plugging further security gaps – if any – in its systems. This will include adding a layer of authorisation for internal teams having access to such data to avoid the possibility of any human breach.