NEW YORK – Zomato is the latest online company to be targeted by hackers, with personal data, email addresses and hashed passwords of up to 17 million users around the world stolen.
Article continues after the advertisement
The website, founded in India in 2008, boasts 120 million monthly users and hosts information on 1 million eateries in 10,000 cities across 23 countries.
It hosts menus, photos, and locations of restaurants in addition to user reviews and ratings, similar to its competitor Yelp.
“So far, it looks like an internal (human) security breach – some employee’s development account got compromised,” the company said in an official blog post explaining the breach.
Zomato joins the ranks of Yahoo, LinkedIn, Tumblr, and Daily Motion which have all experienced similar data breaches in recent years.
“We hash passwords with a one-way hashing algorithm, with multiple hashing iterations and individual salt per password. This means your password cannot be easily converted back to plain text,” reads the blog post.
— RT (@RT_com) May 18, 2017
The company has reiterated multiple times on social media that payment data is stored separately and was not compromised as part of the breach. To allay fears, CEO and Founder Deepinder Goyal claims that his credit card information is still stored on the site.
“But if you are paranoid about security like us, we encourage you to change your password for any other services where you are using the same password,” the company added.
The investigation into the breach is ongoing but users who use the same password across multiple websites and social media platforms are being advised to change their password as soon as possible.
Zomato is valued at around $1 billion though the tech startup saw its estimated paper value unceremoniously cut in half in 2016. This latest breach will likely further damage the private company’s valuation.
Private cyber-security firms and crowd-sourced solutions seem to be the way forward, given the recent successes in stopping major cyber-attacks but competing with government-created cyber weaponry will prove incredibly difficult.