Security News Zomato Breach Exposes 17 Million Users

frogboy

Some 17 million users are said to have been affected after restaurant search platform Zomato was breached this week.

In a security update outlining what happened, the firm’s chief technologist, Gunjan Patidar, said the stolen information included user IDs, names, usernames, email addresses and password hashes with salt.

No financial information was compromised, the firm said.

“We hash passwords with a one-way hashing algorithm, with multiple hashing iterations and individual salt per password,” he explained. “This means your password cannot be easily converted back to plain text. We however strongly advise you to change your password for any other services where you are using the same password.”

All passwords were immediately reset and users locked out of their accounts and forced to log back in following the incident. In addition, the firm claimed that 60% of its user base actually logs in via OAuth services, using Google and Facebook and the like – so their passwords are safe.

In a bizarre update to the update, Patidar claimed to have managed to contact the hacker who breached the site.

“The hacker has been very cooperative with us. He/she wanted us to acknowledge security vulnerabilities in our system and work with the ethical hacker community to plug the gaps. His/her key request was that we run a healthy bug bounty program for security researchers,” he said.

Full article: Zomato Breach Exposes 17 Million Users
 

Winter Soldier

“The hacker has been very cooperative with us. He/she wanted us to acknowledge security vulnerabilities in our system and work with the ethical hacker community to plug the gaps. His/her key request was that we run a healthy bug bounty program for security researchers,” he said.
Uhm...it looks to me like a bit of Stockholm syndrome...:confused:
 
