Friday, 19 May 2017 22:41

Hacker steals 17 million users' data from restaurant app Zomato and puts the details up for sale on the dark web

By: 
  • Details including names, email addresses, user IDs and passwords, were stolen
  • The data was being auctioned on the dark web for around $1,000 (£770) 
  • Zomato has since been in contact with the attacker who has removed the listing
  • The the loophole that allowed the exploit to happen has now been plugged

One of the world's largest restaurant and food delivery apps has been the victim of a hacker who stole the data of 17 million users from its database.

Zomato announced that names, email addresses, user IDs and protected passwords, were stolen during the attack.

The startup said the 'hashed' passwords could not be decrypted but recommended users change their login details if they use the same password for other services.

Restaurant app Zomato (pictured) fell victim to a hack attack which saw the data of 17 million users stolen from its database. The trove of personal data was being auctioned on the dark web for around $1,000 (£770) until yesterday
Restaurant app Zomato (pictured) fell victim to a hack attack which saw the data of 17 million users stolen from its database. The trove of personal data was being auctioned on the dark web for around $1,000 (£770) until yesterday

ZOMATO HACK

Personal data of 17 million Zomato users, including names, email addresses, user IDs and protected passwords, was stolen from its database earlier this week.The trove of personal data was being auctioned on the dark web for around $1,000 (£770) by a hacker using an alias.But Zomato has since been in contact with the attacker, who has removed the listing.And the Indian firm, which boasts 120 million user visits a month, said that the loophole that allowed the exploit to happen has been plugged to prevent any further data leaks.

Zomato's chief technology officer Gunjan Patidar said customers' financial information was stored separately from the stolen data and was not compromised by the hack. 

Affected users were logged out of the website and app and had their passwords changed as a precautionary measure in response to the attack, which took place earlier this week.

The trove of personal data was being auctioned on the dark web for around $1,000 (£770) by a hacker using an alias.

But Zomato has since been in contact with the attacker, who has removed the listing.

And the Indian firm, which boasts 120 million user visits a month, said that the loophole that allowed the exploit to happen has been plugged to prevent any further data leaks.

In a statement on the Zomato's website, Mr Patidar said: 'We have taken multiple steps to mitigate the situation. 

'One of these steps was to open a line of communication with the hacker who had put the user data up for sale.

Source: This article was published on dailymail.co.uk

Leave a comment

Get Exclusive Research Tips in Your Inbox

Receive Great tips via email, enter your email to Subscribe.
Please wait

airs logo

Association of Internet Research Specialists is the world's leading community for the Internet Research Specialist and provide a Unified Platform that delivers, Education, Training and Certification for Online Research.

Newsletter Subscription

Receive Great tips via email, enter your email to Subscribe.
Please wait

Follow Us on Social Media

Book Your Seat for Webinar GET FREE REGISTRATION FOR MEMBERS ONLY      Register Now