Zomato data breach – How safe is our data?

On 18th May, Zomato experienced a major data breach that affected more than 17 million user records. The data stolen from the company’s database included users’ names, email addresses and (encrypted) passwords. Zomato is a popular restaurant app from an Indian startup, covering over 1 million food hubs across 24 countries. The company was founded in 2008 and now has 120 million users each month. It operates in Europe, Asia and South America.

Zomato, a competitor of Yelp, declared that no payment or credit card details were stolen. The company also gave an assurance that the security process it follows ensures the stolen passwords cannot be converted back to text. The affected users have been logged out of the application and their passwords have been reset.

Zomato discovered the theft very recently, but the team is not sure when it happened. “So far, it looks like an internal (human) security breach – some employee’s development account got compromised,” said Zomato. The company promised it would work more actively to bridge any security gaps in its systems. “We can also confirm that we have found no evidence whatsoever of any of Zomato’s other systems or products being affected,” Zomato said in an official statement, adding that its team is actively “scanning all possible breach vectors and closing any gaps in our environment”.

According to a report by HackRead, these accounts are being sold for $1000 on the dark web by a user named ‘nlcay’. Based on data from CB Insights, Zomato is worth $1 billion.

The online food aggregator worked actively to resolve the data breach, and the company claimed that it has no relation to the ‘WannaCry’ ransomware, which affected about 200,000 computers globally and disrupted the operations of multinationals. Customers can get in touch with the security team by emailing support@zomato.com.

Organizations are expected to assess their information risks and rigorously audit their information systems security protections and strategies. Companies must be proactive and take the lead in setting up precise client information security standards. Unfortunately, hackers do remain a step ahead all the time. Companies must therefore be ready with a post-breach protocol that includes informing, placating and compensating customers.