Just when the world was paranoid about the cyber threats, Zomato has admitted that 17 million usernames and passwords have been stolen by hackers from its platform. However, it further added that information relating to payment remains safe them. Notably, this is the second breach of Zomato’s system the past two years. In 2015, the company was hacked by a white hat hacker who reported the details to Zomato, which addressed the weaknesses.
Following the statistics, the company is expected to have a total of 120 million users. Zomato mentioned in a blog post that hacked passwords were hashed, meaning they will be difficult to access though such troves of data do eventually get cracked. Although, it would only be a rational move to change your password on the platform. It is also to be noted that the usage of the same password for various websites is again a bad idea.
Ensuring users, Zomato also cleared in its blog that payment data is stored separately from the stolen data and that no payment information or credit card data has been stolen.
In Zomato’s statement, it said that all payment information on Zomato is stored in a highly secure PCI Data Security Standard (DSS) compliant vault. It added: “We can also confirm that we have found no evidence whatsoever of any of Zomato’s other systems or products being affected”.
According to Zomato, it is now investigating the breach to close gaps, and it noted that this looks like an internal security breach. Either the account of an employee has been stolen, or these accounts were stolen by an employee.