Online restaurant discovery and food ordering company Zomato on Thursday said about 17 million user records from its database were stolen. The stolen information includes user email addresses and encrypted passwords.

The Delhi-based company said in its official blog that since the stolen information, email IDs and passwords, has been hashed (encrypted), it cannot be easily converted to plain text by the hackers.

The company further assured users that financial or payment-related data (card and transaction details) has not been stolen.

“We, however, strongly advise you to change your password for any other services where you are using the same password. As a precaution, we have also reset all the passwords for all affected users and logged them out of the app and website.

“Our team is actively scanning all possible breach vectors and closing any gaps in our environment. So far, it looks like an internal (human) security breach — some employee’s development account got compromised,” it further said.

In a Twitter post, Zomato’s founder Deepinder Goyal said about 60 per cent of its clients use third-party services (Google and Facebook) for logging in and hence these accounts are at zero risk.

Zomato, which has over 120 million users visiting its platform every month, was earlier hacked by an ethical hacker in 2015.

Commenting on the increasing incidence of online hacking, Pradipto Chakrabarty, Regional Director at CompTIA India, a global tech association, told BusinessLine that most companies in India follow ethical hacking or penetration testing, wherein they enter their own systems to find malware.

But instead of doing that, Chakrabarty said the companies should be focusing on strengthening their team with more cybersecurity analysts, who can analyse the pattern of attack or a particular malware’s behaviour.

He also suggested that the users need to be more careful and should not store any password or card details on any app.
