India’s largest online restaurant guide and food ordering app Zomato on Thursday said that about 17 million of their user’s records have been stolen from its database.The stolen information contains user’s email addresses and ‘hashed’ passwords of its 17 million users.
This disclosure comes at a time when the world is shocked with the latest cyber-attack by ransomware ‘WannaCry’, which has impacted IT networks in over 150 countries. Zomato said the data theft was discovered recently by its security team, without indicating the exact time or if it was related to the ‘WannaCry’ ransomware attack.
“Our team is actively scanning all possible breaches and closing any gaps in our environment. So far, it looks like an internal human security breach.
The company, however, claims to have found no evidence of unauthorized access to its financial or credit card information’s because Payment related information on Zomato is stored separately in a highly secure PCI Data Security Standard (DSS) compliant vault.
Going forward, Zomato said it has reset passwords for all affected users and logged them out of its app and website. It, however, encouraged users to change password for any other services where they were using the same password. Zomato also said over 120 million users visit its site every month and it will be actively working to fix any more security gaps in its systems.