Zomato update: Hacker destroys copies of stolen data but 6.6 mn accounts could still be at risk

The marketplace link, which was being used to sell the data on the dark web, is no longer available, says Zomato.

There was some panic on Thursday after Zomato put up a blog post stating that data of 17 million accounts had been stolen. This included names, email IDs and usernames. However, Zomato assured people that as passwords and card details were encrypted, they were safe and not compromised.

Zomato has now updated its blog saying that it got in touch with the hacker who had put the user data up for sale. 

“The hacker has been very cooperative with us. He/she wanted us to acknowledge security vulnerabilities in our system and work with the ethical hacker community to plug the gaps. His/her key request was that we run a healthy bug bounty program for security researchers,” Zomato said on its blog.

Going by what the hacker wanted, Zomato has said that it will be introducing a bug bounty program on HackerOne very soon.

And with that assurance, the hacker agreed to destroy all copies of the stolen data and take the data off the dark web marketplace.

Zomato claims that the marketplace link, which was being used to sell the data on the dark web, is no longer available.

Of the 17 million accounts whose data was stolen, 6.6 million users had password hashes in the ‘leaked’ data. Hashes are not decrypted, but the original passwords can theoretically be recovered from them by brute-force guessing.

Zomato says that it will be reaching out to these users and will get them to update their passwords on all services where they may have used the same password.

It reiterated that only five data points were exposed: user IDs, names, usernames, email addresses, and password hashes with salt.

“No other information was exposed to anyone (we have a copy of the ‘leaked’ database with us). Your payment information is absolutely safe, and there’s no need to panic,” the company says. 

The food discovery and delivery major also said that the hacker disclosed how he got access to this database.

Further, so that others can learn from Zomato’s mistakes, it will be posting this information on its blog once it fixes the loopholes.

The News Minute
www.thenewsminute.com