Online food aggregator Zomato said on Thursday its site was hacked, and 17 million user email addresses and passwords were stolen from its database. However, the company assured customers that their payment and credit card data are safe.
This comes barely a week after malicious software – the ‘WannaCry’ ransomware – paralysed computers across the world and disrupted operations at organisations such as Renault, British hospitals and German railways.
“The hashed password cannot be converted/decrypted back to plain text – so the sanctity of your password is intact in case you use the same password for other services. But if you are paranoid about security like us, we encourage you to change your password for any other services where you are using the same password,” the company said in a blog on its website.
It added that no payment information or credit card data has been stolen/leaked as it “is stored separately from this (stolen) data in a highly secure PCI Data Security Standard (DSS) compliant vault.”
Zomato added that, as a precaution, it has reset the passwords for all affected users and logged them out of the app and website. “Our team is actively scanning all possible breach vectors and closing any gaps in our environment.” So far, it looks like an internal security breach as “some employee’s development account got compromised,” it said.
Zomato, which is visited by 120 million users every month, said it plans to plug any more security gaps that it finds over the next couple of days and weeks.
“We’ll be further enhancing security measures for all user information stored within our database. A layer of authorisation will be added for internal teams having access to this data to avoid the possibility of any human breach,” it added.
Customers can contact its security team by sending an email to email@example.com.