Recently, Zomato, the leading restaurant search and discovery service admitted that they had faced a hacking case wherein credentials of 17 million of the 120 million users of the site were stolen.
As per the company reports; the stolen credentials include the email addresses and hashed passwords of the users. They, however, added that the passwords could not be decrypted and so the accounts won’t be compromised.
Still, as a means to ensure security, Zomato has been encouraging users to change their password as the first line of defense. Further, the company added that the data pertaining to payments were stored separately and it adhered to the highly secure PCI data security standard compliant vault. This data stayed intact and the payment information and even the credit card details were not stolen. But, even then the passwords have been reset and users will be automatically logged out from both the app and the desktop version.
The company was quoted as saying, “So far, it looks like an internal (human) security breach – some employee’s development account got compromised.” But, the security professionals are investigating the details of the attack to find out any vulnerability which will then be dealt with.
The company has been transparent with the details and they want their users to rest assured that their credit card details are completely secure and people have nothing to worry about. Over the next few days, the Zomato security team will be working hard to fill out any security gap and detect possible vulnerabilities to avoid such attacks in future.