Zomato on Thursday admitted to a major security breach, where more than 17 million user records were stolen from its database. While disclosing the attack in a blog post, the company assured users that all payment data is stored separately from the stolen data, and that no payment information or credit card data has been stolen.
According to Hackeread.com, a user by the name of "nclay" claimed to have hacked Zomato and is ready to sell data pertaining to 17 million registered users on a popular dark web marketplace.
This is not the first time that Zomato has been targeted in a hacking attack. Reports claim that in 2015, the company was hacked by a white hat hacker who reported the details to Zomato.
Zomato has claimed that it has reset passwords for all affected users, apart from logging them out of the app and website. According to Zomato, it is now investigating the breach to close gaps, and it noted that it seemed more of an internal security breach. The company doubts that either the account of an employee has been stolen, or these accounts were stolen by an employee.
Although Zomato has said that it will actively work to improve it's security system, the breach has definitely left people bothered.
The Zomato data breach comes on a wave of security breaches that have hit both private and government parties. Earlier IN 2017, the McDonalds India app was found to have potentially leaked the personal data of nearly 2.2 million users.