Published: Fri, May 19, 2017
Science | By Cecil Little

17 million Zomato user records stolen in security breach

Restaurant discovery service and food ordering platform Zomato was hacked, with the security breach leading to the theft of user details from about 17 million accounts.

Of the 17 million accounts whose data was stolen, 6.6 million had password hashes in the "leaked" data, which can theoretically be decrypted using brute-force algorithms.

In another blog post, Zomato revealed that it had opened a line of communication with the hacker who posted the information for sale on the dark web. "He/she wanted us to acknowledge security vulnerabilities in our system and work with the ethical hacker community to plug the gaps. His/her key request was that we run a healthy bug bounty program for security researchers". The marketplace link that was being used to sell the data on the dark web is also reportedly no longer available, as per the blog.

"So far, it looks like an internal (human) security breach - some employee's development account got compromised", the company said in a blog post, without providing further details.

"The database includes emails and password hashes of registered Zomato users while the price set for the whole package is Dollars 1,001.43". No other information was exposed to anyone (we have a copy of the "leaked" database with us).

"Technically what they are saying is correct, i.e. a hashed password can not be decrypted, but what they aren't saying is - it is technically possible to break the hashing algorithm to guess the passwords".

According to Zomato's blog post, the company will be introducing a bug bounty program on HackerOne. "Your payment information is absolutely safe, and there's no need to panic", the company says. In addition, the firm claimed that 60% of its user base actually logs in via OAuth services, using Google and Facebook and the like - so their passwords are safe. "This means your password can not be easily converted back to plain text", reads the blog post. Affected users have been logged out of the website and the app.

It added that because the passwords are hashed - converted into a meaningless string of numbers that bears no relation to the actual password - the hackers will be unable to access them. Contrast this with the "surface web" that can easily be found through a search engine. Supreme Court advocate Pavan Duggal says, "Such players, referred to as intermediaries under the IT Act hold sensitive data and are expected to have reasonable security protocols in place".
