Zomato Breach: Company to Team-up with Ethical Hacker Community

Cesar Mills
May 19, 2017

About 17 million Zomato users' records have been stolen from the company's database and are being sold on the dark web.

Zomato said on its blog that data points including user IDs, names, usernames, email addresses, and password hashes with "salt" were exposed in the data breach.

The hacker had initially put those details up for sale on the dark web at an asking price of $1,001.43 (BTC 0.5587). Zomato has apparently since arrived at an agreement with the hacker, who has agreed to remove the ad for the sale of the data on the condition that the company initiates and maintains a bug bounty program. "He/she wanted us to acknowledge security vulnerabilities in our system and ... plug the gaps."

To ensure that no further damage is caused, Zomato has said it has reset the passwords for all the affected users and has logged them out of its app and website.

According to the blog post, the hacker has also agreed to take the data off the dark web and destroy all copies of the stolen information.

Further, so that others can learn from Zomato's mistakes, it will be posting this information on its blog once it fixes the loopholes.

This information includes email addresses and hashed passwords.

"No other information was exposed to anyone. His/her key request was that we run a healthy bug bounty program for security researchers," Zomato CTO Gunjan Patidar said in an official blog post. However, Zomato assured people that as passwords and card details were encrypted, they were safe and not compromised.

The investigation into the breach is ongoing, but users who use the same password across multiple websites and social media platforms are being advised to change their password as soon as possible. "This means your password cannot be easily converted back to plain text", reads the blog post.

It added that because the passwords are hashed - converted into a meaningless string of numbers that bears no relation to the actual password - the hackers will be unable to access them. "Your payment information is absolutely safe, and there's no need to panic", Zomato said.

Dark web content is not indexed on search engines like Google, and can only be accessed using software that can route around the public internet to get there.

According to the screenshots of the sale posted on HackRead, the Zomato database used a hashing technique called "MD5", which security experts say is inappropriate for hashing passwords.

Would Zomato be liable to compensate end users for loss of sensitive data?
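MD5 is considered a poor fit for password storage because it is designed to be fast, and a salt does not change that. The following is an added example, not Zomato's code: the record layout, the `md5(salt + password)` construction and the iteration count are assumptions. It wraps existing salted-MD5 digests in PBKDF2 so that no fast hash remains at rest, without needing users' plaintext passwords.

```python
import hashlib
import hmac
import os

PBKDF2_ITERATIONS = 600_000  # assumed work factor; tune to your hardware


def legacy_md5(password: str, salt: bytes) -> str:
    """Legacy scheme (assumed layout): hex MD5 over salt || password."""
    return hashlib.md5(salt + password.encode()).hexdigest()


def slow_hash(md5_hex: str, salt: bytes) -> str:
    """Stretch the stored MD5 digest with PBKDF2-HMAC-SHA256."""
    raw = hashlib.pbkdf2_hmac("sha256", md5_hex.encode(), salt, PBKDF2_ITERATIONS)
    return raw.hex()


def wrap_legacy_record(record: dict) -> dict:
    """Upgrade a stored salted-MD5 record in place; no plaintext is required."""
    new_salt = os.urandom(16)
    return {
        "scheme": "pbkdf2(md5)",
        "md5_salt": record["salt"],  # still needed to rebuild the inner digest
        "salt": new_salt,
        "hash": slow_hash(record["hash"], new_salt),
    }


def needs_upgrade(record: dict) -> bool:
    """Flag records that still hold a bare fast hash."""
    return record["scheme"] == "md5"


def verify(password: str, record: dict) -> bool:
    """Check a login attempt against either scheme using a constant-time compare."""
    if record["scheme"] == "md5":
        candidate = legacy_md5(password, record["salt"])
    elif record["scheme"] == "pbkdf2(md5)":
        inner = legacy_md5(password, record["md5_salt"])
        candidate = slow_hash(inner, record["salt"])
    else:
        return False
    return hmac.compare_digest(candidate, record["hash"])


def make_sample_legacy_record(password: str) -> dict:
    """Constructed sample data for the example, not a real leaked record."""
    salt = os.urandom(8)
    return {"scheme": "md5", "salt": salt, "hash": legacy_md5(password, salt)}
```

Wrapping is a stopgap for data already stored; new passwords would go straight into the slow scheme without the inner MD5 step.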
