Published: Fri, May 19, 2017
Sci-tech | By Carrie Guzman

Urban Spoon Parent Zomato Reports 17M User Data Breach

Zomato said on its blog that data points including user IDs, names, usernames, email addresses, and password hashes with "salt" were exposed in the data breach. In a blog post, the company claimed that the passwords that were stolen "cannot be easily converted back to plain text", but Motherboard said that security experts didn't have much trouble converting a sample of the data provided by the hacker back into the original passwords.

Just as the digital world is quietly absorbing the shock of the recent "WannaCry" ransomware attack, foodies got another shock as they discovered that online food aggregator Zomato's user data had been severely compromised. "He/she wanted us to acknowledge security vulnerabilities in our system and work with the ethical hacker community to plug the gaps", Zomato wrote in the blog post. With that assurance, the hacker has in turn agreed to destroy all copies of the stolen data and take the data off the dark web marketplace.

Since this was a hacker from an ethical group that checks for any loopholes, they shared exactly what was done to steal the data, and the Zomato team has plugged that loophole to prevent any further breaches.

The creators have agreed to do so, saying it will introduce a program called HackerOne "soon".

"60% of users use Google/FB for logging in to Zomato".

MediaNama has written to Zomato to confirm whether it used the outdated MD5 algorithm, and whether it stored salt values on the same server as the passwords. "This means your password can not be easily converted back to plain text. We however strongly advise you to change your password for any other services where you are using the same password".

Zomato said it has reset the passwords for all affected users and logged them out of the app and website. "The marketplace link which was being used to sell the data on the dark web is no longer available".

Zomato said that no money has changed hands and that it has been in communication with the hacker.

Andre Stewart, VP EMEA at Netskope, warned that data breaches of this sort can often create a risky domino effect of further breaches. "Your payment information is absolutely safe, and there's no need to panic", Zomato said.

The passwords of the over 170 million LinkedIn accounts that were hacked had in fact been stored as hashes; however, the hashing function used there was the weak Secure Hash Algorithm 1 (SHA1), applied without any modification (salting).
