Just as the digital world is quietly absorbing the shock of the recently “WannaCry” ransomware attack, foodies got another shocker in the online world as they discovered that online food aggregator Zomato’s user data has been severely compromised. About 17 million Zomato users’ records have been stolen from the company’s database and is being sold in dark web. The dark web is a small portion of the deep web (part of web that a search engine can’t find) that has been intentionally hidden and is inaccessible through standard web browsers. Contrast this to the “surface web” that can easily found through a search engine.
While the company has admitted in its blog post that both usernames and hashed passwords were stolen by hackers, it has strongly advised its consumers to change their passwords. Over 120 million users visit Zomato every month. Though the company use hashing (a process that turns an original password into an incoherent set of characters) to fortify the security of all data stored, it is not known whether those hashed passwords could have been converted back to plain text.
Zomato has assured its users that their payment related information on Zomato is stored separately from this stolen data in a highly secure data security standard (DSS) compliant vault, and no payment information or credit card data has been stolen by the hackers. The company said in a statement, “As a precaution, we have reset the passwords for all affected users and logged them out of the app and website. Our team is actively scanning all possible breach vectors.”