Restaurant search and discovery giant Zomato on Wednesday announced that 17 million user records were stolen from its database.
In a blog post, Zomato said that the account information (including name, email address and hashed password) of millions of users was compromised.
“As a precaution, we have reset the passwords for all affected users and logged them out of the app and website. Our team is actively scanning all possible breach vectors and closing any gaps in our environment. So far, it looks like an internal (human) security breach — some employee’s development account got compromised,” the company wrote in the blog post.
Zomato has assured users that the hashed passwords cannot be decrypted or converted back into plain text in any way. It nonetheless encourages users who share the same password across other platforms to change those passwords as well.
The firm further said that payment-related information on Zomato is ‘stored separately’ in a highly secure PCI Data Security Standard (DSS) vault. It asserted that no payment information or credit card details had been stolen or leaked, adding that it was actively working to plug any more security gaps that it may find in its system.
Zomato now plans to enhance its internal security measures for all user-related information stored in its database. Gunjan Patidar, the company's Chief Technocrat and the author of the blog post, also assured users that the company is working on adding another layer of authorisation for its internal teams. This is aimed at avoiding the possibility of any future human breach.