Zomato Hack: Company Claims Truce With The Hacker, Data Taken Off Dark Web

Zomato Hack: Company Claims Truce With The Hacker, Data Taken Off Dark Web

Foodtech startup Zomato reported of a data hack yesterday. In a blogpost, the company notified that over 17 Mn user records from its database were stolen.

Just a day later, the company has stated that it managed to contact the hacker. In another blogpost, the company claims that, in order to mitigate the data hack, it managed to open a line of communication with the hacker who had put the userinformation up for sale.

The company maintained its claims that five data points were exposed – user IDs, names, usernames, email addresses, and password Hashes with salt. “No other information was exposed to anyone (we have a copy of the ‘leaked’ database with us). Your payment information is absolutely safe and there’s no need to panic.”

Zomato claims that the hack was done to demand a bug bounty programme. The statement read, “The hacker has been very cooperative with us. He/she wanted us to acknowledge security vulnerabilities in our system and work with the ethical hacker community to plug the gaps. His/her key request was that we run a healthy bug bounty program for security researchers.”

The company also said that it will introduce a bug bounty program on Hackerone very soon.

The company goes on to state, “Having said that, we are going to be cautious and paranoid, as this is a sensitive matter. 6.6 Mn users had password hashes in the ‘leaked’ data, which can be theoretically decrypted using brute force algorithms. We will be reaching out to these users to get them to update their password on all services where they might have used the same password.”

Zomato said that the hacker has, in turn, agreed to destroy copies of the stolen data and take the data off the dark web marketplace. Gunjan Patidar, Technology Chief at Zomato said the “marketplace link which was being used to sell the data on the dark web is no longer available.”

Zomato co-founder Deepinder Goyal took to Twitter to assure users who were logged in via Facebook or Google were at zero risk.

 

However, as per a source close to the development the data seems to have been compromised. A Reddit user claims that the passwords are hashed without salt. So it is possible to decrypt the passwords, as opposed to Zomato’s claims. And they are already available on the Dark Web for sale.

Zomato claims that the hacker gave them all the details about gaining access to the database, and that they will post the information on their blog once the loopholes are closed, so that others can learn from their mistakes.

In the meantime, users are advised to change their Zomato password and wherever else the same password is being used.

You have reached your limit of free stories
Become An Inc42 Plus Member

Become a Startup Insider in 2024 with Inc42 Plus. Join our exclusive community of 10,000+ founders, investors & operators and stay ahead in India’s startup & business economy.

2 YEAR PLAN
₹19999
₹7999
₹333/Month
UNLOCK 60% OFF
Cancel Anytime
1 YEAR PLAN
₹9999
₹4999
₹416/Month
UNLOCK 50% OFF
Cancel Anytime
Already A Member?
Discover Startups & Business Models

Unleash your potential by exploring unlimited articles, trackers, and playbooks. Identify the hottest startup deals, supercharge your innovation projects, and stay updated with expert curation.

Zomato Hack: Company Claims Truce With The Hacker, Data Taken Off Dark Web-Inc42 Media
How-To’s on Starting & Scaling Up

Empower yourself with comprehensive playbooks, expert analysis, and invaluable insights. Learn to validate ideas, acquire customers, secure funding, and navigate the journey to startup success.

Zomato Hack: Company Claims Truce With The Hacker, Data Taken Off Dark Web-Inc42 Media
Identify Trends & New Markets

Access 75+ in-depth reports on frontier industries. Gain exclusive market intelligence, understand market landscapes, and decode emerging trends to make informed decisions.

Zomato Hack: Company Claims Truce With The Hacker, Data Taken Off Dark Web-Inc42 Media
Track & Decode the Investment Landscape

Stay ahead with startup and funding trackers. Analyse investment strategies, profile successful investors, and keep track of upcoming funds, accelerators, and more.

Zomato Hack: Company Claims Truce With The Hacker, Data Taken Off Dark Web-Inc42 Media
Zomato Hack: Company Claims Truce With The Hacker, Data Taken Off Dark Web-Inc42 Media
You’re in Good company