The database of Zomato, the restaurant search and food ordering company, has been breached by a group of hackers, and the data of 17 million users has been stolen. The hackers were able to steal user e-mails, passwords and names from the database. However, they did not steal payment information, and users' payment details are safe, as reported by Zomato in a blog post. This is not the first time that Zomato has been targeted in a hacking attack. In 2015, the company was hacked by a white hat hacker who reported the details to Zomato, which then addressed the weaknesses.
Zomato stated that it took several steps to cope with the situation. It opened a line of communication with the hackers to finalise a deal in return for not putting the data up for sale on the dark web. The funny part is that Zomato said the hacker has been very cooperative with them, and that he/she just wanted to make them aware of security loopholes in their system and asked them to plug these loopholes with the help of the ethical hacker community.
The hacker requested only a big bounty program for security researchers. Once assured of it by Zomato, he/she dramatically pulled the link for the sale of the data from the dark web. The hacker agreed to delete all copies of the data. The hacker demonstrated how he/she got into the database, and Zomato will soon publish that too on its blog for the help of others. Zomato stated in its blog post:
only 5 data points were exposed to the hacker, namely user id, name, e-mail, password and password hashes with salt. Your payment information is absolutely safe and there is need to panic. (copies are available for the breach)
With the growing usage of the internet, hack attempts are increasing day by day. In India, companies are not that serious about cyber-security. We hardly see start-ups based on cyber-security. It is a major concern.
This hacker reminds me of some Bollywood thief who said: "Beimaani ke dhandhe badi imaandari se hote hai" (dishonest business is conducted with great honesty). What if the hacker fooled Zomato about the deletion of user data?
If the hacker was so cooperative and honest, why did he/she put the data up for sale on the dark web? The hacker told Zomato how he/she got in and asked it to plug that loophole. What if the hacker has already played his/her next move? Zomato should take it seriously, and so should others. Share your views on this hack, and on what we are lacking that cyber-security is not our first priority, in the comments below.