In yet another case that highlights the vulnerability of online systems, leading restaurant search and discovery platform Zomato has confirmed that its systems have been hacked and usernames and passwords of 17 million users have been stolen by hackers. It may be recalled that Zomato has a total user base of 120 million. A blog post published by the company says that the passwords were hashed, meaning they were encrypted, but it may not be all that difficult for hackers to crack such encrypted data. Zomato has already reset the passwords of all accounts that were hacked; however, it is advisable that users change their password.
The company has however clarified that the payments data has not been hacked since it was on a different, more secure server. It has assured users that their payment and credit card details are completely secure. All such data is stored in a highly secure PCI Data Security Standard (DSS) compliant vault. Preliminary investigations conducted by Zomato have revealed that the hacking may be a result of an internal security breach. Either one of the employees stole the data or it can be that the account of one of the employees might have been hacked. The company is investigating both angles to get to the bottom of the case.