Zomato Breach: Company to Team-up with Ethical Hacker Community

17 million user records stolen from restaurant guide Zomato

Personal data of 17 million Zomato users, including names, email addresses, user IDs and protected passwords, was stolen from its database earlier this week. However, Zomato assured users that the leaked information did not include any financial information.

All the users' names and email addresses have been accessed and "the passwords are hashed and salted", the spokesman added. Some of the responses are just adorable!

All passwords were immediately reset, and users were locked out of their accounts and forced to log back in following the incident.

The company has now pledged to plug its security vulnerabilities and work with the "ethical hacker community" to ensure the app remains a safe space for all users.

The good news is that the hackers have agreed to pull the listing from the market provided the platform runs a "healthy bug program for security researchers".

Anand had written about the particular bug in his blog post titled "[Responsible disclosure] How I could have hacked 62.5 million Zomato Users", with a proof-of-concept video. So it is likely that the data is no longer available on the dark web.

A day after the online restaurant discovery and food ordering portal fell prey to a Malaysian hacker, "nclay", Zomato has struck an agreement with the hacker to destroy the stolen data.

"No payment information or credit card data has been stolen or leaked", claimed Mr. Patidar. Over 120 million users visit Zomato every month.

The startup's disclosure has come at a time when the world is grappling with the cyber attack by ransomware "WannaCry", which has impacted IT networks in over 150 countries. The massive security breach is simply a reminder that many large companies do not have adequate security measures in place to protect users.

As a precaution, Zomato said it would be urging its 6.6 million users with exposed passwords to change them on any other services where they may have used the same password. Zomato wound up in contact with the unidentified hacker/s over the stolen information. In one of the API calls, they were reflecting user data based on the "browser_id" parameter in the API request. This put users at risk since the encrypted passwords stored on Zomato's database can be converted into readable formats easily.

Users' hashed passwords cannot be decrypted or converted back into plaintext in any way.
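
The API behaviour mentioned above (user data returned according to the "browser_id" request parameter) is the classic missing-authorization pattern. The sketch below is an added example, not Zomato's code or the researcher's: the record store, session table and handler names are hypothetical, and the sample records are constructed. It shows the weak handler beside a hardened one that takes the subject from the server-side session and logs rejected lookups.

```python
# Added illustration. USERS, SESSIONS, DENIED and both handlers are hypothetical names.
USERS = {  # constructed sample records, keyed by browser_id
    "b-1001": {"user_id": 1, "name": "Asha", "email": "asha@example.com"},
    "b-1002": {"user_id": 2, "name": "Ravi", "email": "ravi@example.com"},
}
SESSIONS = {"tok-asha": "b-1001", "tok-ravi": "b-1002"}  # session token -> owner
DENIED = []  # audit trail of rejected lookups, useful as a detection signal


def get_user_vulnerable(params):
    """Weak form: trusts the caller-supplied browser_id, so any client
    can read any user's record by changing one request parameter."""
    record = USERS.get(params.get("browser_id"))
    return (200, record) if record else (404, None)


def get_user_hardened(params, session_token):
    """Hardened form: the subject comes from the authenticated session;
    a browser_id in the request is only accepted if it matches."""
    owner = SESSIONS.get(session_token)
    if owner is None:
        return (401, None)  # not authenticated
    requested = params.get("browser_id", owner)
    if requested != owner:
        # Record the mismatch so repeated cross-account lookups can be alerted on.
        DENIED.append({"session_owner": owner, "requested": requested})
        return (403, None)
    record = USERS[owner]
    # Return only the fields the client needs, not the whole stored record.
    return (200, {"user_id": record["user_id"], "name": record["name"]})


if __name__ == "__main__":
    other = {"browser_id": "b-1002"}
    print("vulnerable:", get_user_vulnerable(other))
    print("hardened  :", get_user_hardened(other, "tok-asha"))
    print("own record:", get_user_hardened({}, "tok-asha"))
    print("audit log :", DENIED)
```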
