Yesterday, Zomato announced that about 17 million user records were stolen from its database in a security breach. The stolen data included usernames, email addresses and hashed passwords of users. However, Zomato assured users that the leaked information did not include any financial information.
Now, while the credit/debit card and wallet details are still safe, email addresses and passwords have been affected, and users ought to freak out. However, being the absolute delight that foodies are, Zomato users have entirely different concerns, most of which are food-related. Some of the responses are just adorable!
Apart from my personal details, hackers will also come to know that I eat Noodles with Palak paneer.
Gappistan Radio (@GappistanRadio) May 18, 2017
Chetandeep Kaur (@im_cherrykaur) May 18, 2017
So now the dark web will know that I ordered chicken momo last Sunday. Hope the hacker is not a jain. #ZomatoHacked
Agave_plant (@khushrav) May 19, 2017
Sarcasm (@SarcasticRofl) May 18, 2017
~17 million user records stolen from #Zomato database.
Mom: “Beta see this is why I used to tell you. Ghar ka khana khao. It is the safest”
Rashi Kakkar (@rashi_kakkar) May 18, 2017
Zomato data leaked? Now the world will know how much butter chicken I eat.
Trendulkar (@Trendulkar) May 18, 2017
Although Zomato said that passwords on its platform are hashed and salted and cannot be converted back to plain text, as a safety measure it still reset the passwords for all affected users and logged them out of the app and website.
While Zomato earlier speculated that this was an internal (human) security breach, meaning that possibly some employee's development account got compromised, it has today updated its blog to say that this was actually the deed of a hacker who wanted the platform to be aware of its loopholes.
"The hacker has been very cooperative with us. He/she wanted us to acknowledge security vulnerabilities in our system and work with the ethical hacker community to plug the gaps. His/her key request was that we run a healthy bug bounty program for security researchers," Zomato CTO Gunjan Patidar said in an official blog post.
Zomato has also announced that it will be introducing a bug bounty program on HackerOne very soon. With that assurance, the hacker has in turn agreed to destroy all copies of the stolen data and take the data off the dark web marketplace. The marketplace link that was being used to sell the data on the dark web is no longer available.
"The hacker also gave us all the details on the way he/she got access to this database. We will post this information on our blog once we close the loopholes, so that others can learn from our mistakes," he added.