Online Food/Restaurant online aggregator Zomato database is being hacked where hackers already have stolen more than 17 million users details. Although Zomato saying that – the fact that the passwords were encrypted means that they will be harder to access. Zomato advising all their users to change the password on fresh login. They also advising that using the same set of password at various sites is not at all good idea. They are also advocating the idea of password manager to manage the different password at different sites.
Zomato insisting that none of data related to Credit card, Debit Card or any such type related to banking are stolen, rather they are safe. Payment related information on Zomato is stored separately in a highly secure PCI Data Security Standard (DSS) compliant vault. No payment information or credit card data has been stolen/leaked.
Zomato is used to this hacking as earlier also their database were hacked in 2015. That time it was hacked by the white hat hacker to point out the security breach. All the data which were stolen from the Zomato sites are being sold online.
What Zomato did to prevent the further hacking ?
- Zomato mentions that it has reset passwords for all affected users, and logged them out of the app and website.
- They are now investigating the breach to close gaps including Internal security breach.
- Either the account of an employee has been stolen, or these accounts were stolen by an employee.