Zomato to reach out to 6.6 million hacked users to update their passwords
Zomato says it will reach out to 6.6 million users to get them to update their password on all services where they might have used the same password
New Delhi: Online restaurant guide and food ordering app Zomato will be reaching out to 6.6 million users whose ‘hashed’ passwords could be “theoretically decrypted”, in order to get them to update their account security.
The company had reported Thursday that about 17 million user records have been stolen from its database, which included user email addresses and ‘hashed’ passwords but no payment information or credit card data. “6.6 million users had password hashes in the ‘leaked’ data, which can be theoretically decrypted using brute force algorithms,” Zomato said in a blog post.
A hashed password is a series of random-looking characters used by companies for security reasons to protect users.
The company will be reaching out to these users to get them to update their password on all services where they might have used the same password, it added. Zomato said it was able to get in touch with the hacker, who had put the stolen user data up for sale. The hacker has agreed to destroy all copies of the stolen data and take the data off the dark web marketplace.
The startup further said it will be introducing a bug bounty programme on HackerOne for security researchers very soon, which was the key demand of the hacker.
“The hacker has been very cooperative with us. He/she wanted us to acknowledge security vulnerabilities in our system and work with the ethical hacker community to plug the gaps,” Zomato said.
The company said the hacker also gave it all the details on the way he/she got access to this database. “We will post this information on our blog once we close the loopholes, so that others can learn from our mistakes,” it further added.
The start-up’s disclosure has come at a time when the world is grappling with the cyber attack by WannaCry ransomware which has impacted IT networks in over 150 countries. PTI