17 million accounts on Zomato 'hacked'
India's largest online food-portal Zomato has become the latest target of hacking. A security blog called Hackread claims over 17 million accounts have been breached. "The database includes emails and password hashes of Zomato users, while the price set for the whole package is $1,001.43 (Bitcoins 0.5587). The vendor also shared a trove of sample data to prove it is legit," Hackread's post says.
Zomato
Zomato is a popular restaurant search service that was founded as 'Foodiebay' in 2008 by Deepinder Goyal and Pankaj Chaddah. The online food service, which started out of Deepinder's apartment, has now expanded to nearly 23 countries across the globe. Now with over 2,000 employees under its belt, the company sees a whopping 90 million visits every month across their website and mobile applications.
Users' details sold on the Dark Web?
Hackread claims details of 17 million users have meanwhile been sold on the Dark Web, which is basically the bunch of websites which hide the IP addresses of the servers running them. They are a collection of websites which can be accessed publicly but need specific software and authorization to access. They cannot be found using search engines.
Zomato might have to compensate its affected users
If the report is authentic, Zomato might have to pay compensation to each affected user, as the database contains personally identifiable details including phone numbers and addresses. "The hack…can be a failure to protect personal data by Zomato, making it liable under Section 43A of Indian IT Act, to pay compensation to its users," said Prashant Mali, International Cyber Law and Cyber Security Expert.
Zomato's statement
Zomato acknowledged the breach, but said the data is secure. "The passwords are hashed and salted. This means it can't be converted back to the original password." It stated there's no evidence of breach of financial information. As a precaution, affected users have been logged out and their passwords reset. Meanwhile, the company is "actively scanning all possible breach vectors and closing any gaps".
..And it goes on!
This comes amid a global attack by the WannaCry ransomware, which has affected systems in 99 countries. A few in India have been affected, but there has been no major breach. A day ago, hackers also claimed to have hit Walt Disney Studios and access the soon-to-be-released Pirates of the Caribbean. They threatened they would release it online if Disney didn't pay ransom.
