Zomato to reach out to 6.6 million users after breach for security update

The company had reported yesterday that about 17 million user records have been stolen from its database.

Published: 19th May 2017 03:48 PM  |   Last Updated: 19th May 2017 03:48 PM   |  A+A-

By PTI

NEW DELHI: Online restaurant guide and food ordering app Zomato will be reaching out to 6.6 million users, whose 'hashed' passwords could be 'theoretically decrypted' in order to get them to update their account security.   

The company had reported yesterday that about 17 million user records have been stolen from its database, which included user email addresses and 'hashed' passwords but no payment information or credit card data.     

"6.6 million users had password hashes in the 'leaked' data, which can be theoretically decrypted using brute force algorithms," Zomato said in a blogpost.     

A hashed password is series of random-looking characters used by companies for security reasons to protect users.     

The company will be reaching out to these users to get them to update their password on all services where they might have used the same password, it added.     

Zomato said it was able to get in touch with the hacker, who had put the stolen user data up for sale. The hacker has agreed to destroy all copies of the stolen data and take the data off the dark web marketplace.   

The startup further said it will be introducing a bug bounty programme on Hackerone for security researchers very soon, which was the key demand of the hacker.     

"The hacker has been very cooperative with us. He/she wanted us to acknowledge security vulnerabilities in our system and work with the ethical hacker community to plug the gaps," Zomato said.     

The company said hacker also gave it all the details on the way he/she got access to this database.     

"We will post this information on our blog once we close the loopholes, so that others can learn from our mistakes", it added.     

The startup's disclosure has come at a time when the world is grappling with the cyber attack by ransomware 'WannaCry', which has impacted IT networks in over 150 countries. 

Stay up to date on all the latest Nation news with The New Indian Express App. Download now

Comments

Disclaimer : We respect your thoughts and views! But we need to be judicious while moderating your comments. All the comments will be moderated by the newindianexpress.com editorial. Abstain from posting comments that are obscene, defamatory or inflammatory, and do not indulge in personal attacks. Try to avoid outside hyperlinks inside the comment. Help us delete comments that do not follow these guidelines.

The views expressed in comments published on newindianexpress.com are those of the comment writers alone. They do not represent the views or opinions of newindianexpress.com or its staff, nor do they represent the views or opinions of The New Indian Express Group, or any entity of, or affiliated with, The New Indian Express Group. newindianexpress.com reserves the right to take any or all comments down at any time.

IPL2018