Security News Zomato Breach Exposes 17 Million Users

frogboy

Some 17 million users are said to have been affected after restaurant search platform Zomato was breached this week.

In a security update outlining what happened, the firm’s chief technologist, Gunjan Patidar, said the stolen information included user IDs, names, usernames, email addresses and password hashes with salt.

No financial information was compromised, the firm said.

“We hash passwords with a one-way hashing algorithm, with multiple hashing iterations and individual salt per password,” he explained. “This means your password cannot be easily converted back to plain text. We however strongly advise you to change your password for any other services where you are using the same password.”

All passwords were immediately reset and users locked out of their accounts and forced to log back in following the incident. In addition, the firm claimed that 60% of its user base actually logs in via OAuth services, using Google and Facebook and the like – so their passwords are safe.

In a bizarre update to the update, Patidar claimed to have managed to contact the hacker who breached the site.

“The hacker has been very cooperative with us. He/she wanted us to acknowledge security vulnerabilities in our system and work with the ethical hacker community to plug the gaps. His/her key request was that we run a healthy bug bounty program for security researchers,” he said.

Full Article. Zomato Breach Exposes 17 Million Users
 
"The hacker has been very cooperative with us. He/she wanted us to acknowledge security vulnerabilities in our system and work with the ethical hacker community to plug the gaps. His/her key request was that we run a healthy bug bounty program for security researchers,” he said.
Uhm...it looks to me like a bit of Stockholm syndrome...:confused: