Zomato, India's largest restaurant guide website, has been hacked, and the details of almost 17 million user accounts were exposed in a major cyber security breach. According to a report from a security blog named Hackread, the user database is now being sold on a dark web marketplace.
According to a post by Hackread,
“The database includes emails and password hashes of registered Zomato users while the price set for the whole package is USD 1,001.43 (BTC 0.5587). The vendor also shared a trove of sample data to prove that the data is legit.”
If you are wondering what exactly the database contains, here is what has been reported. The leaked data consists of email addresses, ‘hashed’ passwords, and credit and debit card details. However, Zomato stated in a blog post that only email addresses and hashed passwords have been stolen or leaked, not the credit card details.
This news comes as no surprise because the world is focusing more on the ‘WannaCry’ ransomware at the moment. ‘WannaCry’ is affecting computers around the world and has impacted IT networks in almost 150 countries. However, Zomato has not clarified whether the hack is related to the ‘WannaCry’ ransomware attack. The company said only that the hack was discovered by its security team and that the exact time cannot be stated.
Zomato is a restaurant guide and food delivery app that was first founded as ‘Foodiebay’ in 2008. The founders are Deepinder Goyal and Pankaj Chaddah. The company claims to have over 120 million user visits every month and operates in 23 countries.
When Zomato was asked about the hack, they said,
“Over the next couple of days, we’ll be actively working to improve our security systems – we’ll be further enhancing security measures for all user information stored within our database, and will also add a layer of authorization for internal teams having access to this data to avoid any human breach.”
“Although the hashed password cannot be converted back to plain text, as a safety measure, we have reset the passwords for all affected users and logged them out of the app and website. Our team is actively scanning all possible breach vectors and closing any gaps in our environment. Payment related information on Zomato is stored separately from this (stolen) data in a highly secure PCI Data Security Standard (DSS) compliant vault.”
International cyber security expert Prashant Mali said,
“Each user account had associated with it a phone number, address, and an email id. The hack, if proven, can be a failure to protect personal data by Zomato making it liable under Section 43A of Indian IT Act, to pay compensation to its users.”
Section 43A of the Indian IT Act:
Section 43A of the Indian IT Act states that when a body corporate possessing, dealing with or handling any sensitive personal data or information in a computer resource which it owns, controls or operates is negligent in implementing and maintaining reasonable security practices, such a body corporate shall be liable to pay damages by way of compensation, not exceeding Rs 5 crore, to the person so affected.