Zomato hacked in latest global cyberattack, data of 17mn users stolen
Zomato is the latest online company to be targeted by hackers, with personal data, email addresses and hashed passwords of up to 17 million users around the world stolen.
The website, founded in India in 2008, boasts 120 million monthly users and hosts information on 1 million eateries in 10,000 cities across 23 countries.
It hosts menus, photos, and locations of restaurants in addition to user reviews and ratings, similar to its competitor Yelp.
“So far, it looks like an internal (human) security breach – some employee’s development account got compromised,” the company said in an official blog post explaining the breach.
60% of users use Goog/FB for logging in to Zomato. We don’t have passwds for these accounts - therefore, these users are at zero risk.
— Deepinder Goyal (@deepigoyal) May 18, 2017
Zomato joins the ranks of Yahoo, LinkedIn, Tumblr, and Dailymotion, which have all experienced similar data breaches in recent years.
“We hash passwords with a one-way hashing algorithm, with multiple hashing iterations and individual salt per password. This means your password cannot be easily converted back to plain text,” reads the blog post.
The company has reiterated multiple times on social media that payment data is stored separately and was not compromised as part of the breach. To allay fears, CEO and Founder Deepinder Goyal claims that his credit card information is still stored on the site.
[Repost] Your credit card info, and your addresses are fully safe and secure. (I still have my card on file on Zomato.)
— Deepinder Goyal (@deepigoyal) May 18, 2017
"But if you are paranoid about security like us, we encourage you to change your password for any other services where you are using the same password," the company added.
The investigation into the breach is ongoing, but users who reuse the same password across multiple websites and social media platforms are being advised to change their passwords as soon as possible.
Zomato is valued at around $1 billion, though the tech startup saw its estimated paper value unceremoniously cut in half in 2016. This latest breach will likely further damage the private company’s valuation.
In the aftermath of the WannaCry and Adylkuzz breaches over the past month, consumer confidence in online security has taken a significant hit.
Private cybersecurity firms and crowd-sourced solutions seem to be the way forward, given the recent successes in stopping major cyberattacks, but competing with government-created cyber weaponry will prove incredibly difficult.