BENGALURU: Online restaurant discovery and food ordering app Zomato has said about 17 million user records were stolen from its database. The stolen information contained user email addresses and protected passwords but the payment information and credit card data remained safe, the company said.
Just days ago, major companies across the world had to deal with ransomware attack and this incident follows the global crisis.
To ensure that no further damage is caused, Zomato has said it has reset the passwords for all the affected users and has logged them out of its app and website. All the user accounts were secure, it stated. Nonetheless Zomato has asked all users to change passwords for any other services where they used the same password.
The company had put it up on its official blog that the data theft was recently discovered by its security team. “Our team is actively scanning all possible breach vectors and closing any gaps in our environment. So far, it looks like an internal (human) security breach — some employees’ development account got compromised,” Zomato stated.
Zomato’s founder Deepinder Goyal tweeted “60% of users use Goog/FB for logging in to Zomato. We don’t have passwords for these accounts —therefore, these users are at zero risk.” Zomato has also assured all its users that their credit card information was fully secure and that payment-related information was stored separately in a PCI Data Security Standard (DSS) compliant vault.