Online restaurant guide Zomato has admitted that hackers have stolen "about 17 million user records" from its customer database.

The admission came after the user records were offered for sale on the dark web.

The users’ information is being sold for just over $1,000 (£770) on a popular darknet marketplace which is not indexed by search engines such as Google.

Zomato said in a blog post that there was a recent discovery by our security team – about 17 million user records from our database were stolen.

They include user emails and hashed passwords, the firm said.

Password hashing is a form of encryption which is designed to require so much computing power for the password to be recovered as to make that practically impossible for someone who does not already know what the password is.

However, there are old hashing algorithms which are known to not require as much computing power as they should.

One of these algorithms, MD5, has been described by researchers as severely compromised.

According to the hackers selling the stolen data, MD5 was the hashing algorithm used by Zomato to encrypt its users passwords.

In a security notice to users, the company, which operates in 23 countries including the UK, is strongly advising them to now change their passwords for any other services for which they are using the same one.

The Indian firm stressed, however, that no payment information or credit card data has been stolen/leaked, as it was stored separately from customer data.

Zomato has also reset all of its users passwords and users have been logged out of the app and website to secure their accounts.

It said that it believes the breach took place when an employee’s development account was compromised and is now adding additional security for internal teams who have access to customer data.

(c) Sky News 2017: Millions of Zomato users’ details stolen by hackers

Comments

comments