Restaurant app Zomato hack leaves 17 million users exposed

If you use Zomato to look up restaurants, you may want to check your account: someone has infiltrated its system and got away with 17 million users’ IDs, usernames, names, email addresses and hashed passwords. The service says no payment information was stolen, since credit card details are stored separately. It also doesn’t have access to your Facebook or Google account, so you don’t have to worry about anything if you simply linked your account instead of making a standalone one for Zomato. But if you did make a standalone one for Zomato, it’s best to change your password ASAP.

This is totally separate incident from the WannaCry attacks, and the hacker who infiltrated the company’s system didn’t ask for ransom. He tried to sell his loot on the dark web instead but ended up pulling it down when the company agreed to his terms. They include acknowledging the security vulnerabilities in its system, to work with the ethical hacker community to patch them up and to launch a bug bounty program.

Zomato says it will amp up its website’s security measures, especially since it found out that 6.6 million of the stolen hashed passwords can “theoretically [be] decrypted using brute force algorithms.” It also promises to reveal how exactly the hacker got in, which the infiltrator himself revealed to the company, once it’s done fixing the vulnerabilities that made it possible.

Via: VentureBeat

Source: Zomato

Source: Engadget - Read the full article here

Author: Daily Tech Whip

This article is part of our 'News Tiles' service. The site is currently in Beta. When it is fully operational you will be able to search through and arrange the 'Tiles' to display a keyword, product or technology over your chosen time period. For example you would be able to display all of the leading tech articles on the new Kindle Fire, in one spot in real time. You will also have access to our own original reporting and analysis as well as a polished place to post your own thoughts & reviews here, amongst the Daily Tech Whip Community. Please let us know if you have any feedback via the contact form or via Twitter. Don't forget to come back next week and see our full site and claim your name and your own free tech blog.

Share This Post On