Restaurant aggregator Zomato said in a blog post Monday morning that about 17 million email addresses and passwords were stolen from its database.
The Gurgaon-based company said no payment or credit card information has been stolen, as that data is stored separately from the stolen user records in a "PCI Data Security Standard (DSS) compliant vault."
Zomato's CTO Gunjan Patidar wrote in the blog post that the security breach did not compromise user passwords, which he said were in encrypted form. The company has "reset the passwords for all affected users and logged them out of the app and website," he wrote.
The company does not seem sure of how the breach happened. Patidar wrote that "some employee’s development account got compromised." He added that the users "paranoid" about security should change their Zomato password if they are using the same elsewhere.