emfizz.com December 14, 2017

17 million user records stolen from restaurant guide Zomato

19 May 2017, 12:26 | Bernard Bryant

Zomato's rotten security sees hackers make off with 6.6 million user passwords

The food discovery and delivery major also said that the hacker disclosed how he got access to this database.

The company also acknowledged that five data points were stolen: user IDs, names, usernames, email addresses, and password hashes with salt. The hacker who broke in and stole the data had put it up for sale on a dark web marketplace.

According to information shared on HackRead.com, a user by the name of "nclay" claimed to have hacked Zomato. "He/she wanted us to acknowledge security vulnerabilities in our system and work with the ethical hacker community to plug the gaps", Zomato wrote in the blog post.

And with that assurance, the hacker agreed to destroy all copies of the stolen data and take the data off the dark web marketplace.

Further, so that others can learn from Zomato's mistakes, it will be posting this information on its blog once it fixes the loopholes.

"The database includes emails and password hashes of registered Zomato users while the price set for the whole package is Dollars 1,001.43 (BTC 0.5587)".

MediaNama has written to Zomato to confirm whether it used the outdated MD5 algorithm, and whether it stored salt values on the same server as the passwords. However, independent sources including Motherboard state that the passwords were converted into plain text easily enough.

The hacker asked the company to run a healthy bug bounty program for security researchers. Nonetheless, Zomato has asked all users to change their passwords on any other services where they used the same password.

Important note - payment related information on Zomato is stored separately from this (stolen) data in a highly secure PCI Data Security Standard (DSS) compliant vault.

"The hashed password can not be converted/decrypted back to plain text - so the sanctity of password is intact in case users use the same password for other services", it said. Affected users have been logged out of the website and the app. HackRead, a security blog and news website, found the stolen Zomato database of 17 million users for sale on what is called the "dark web", a portion of the content available on the World Wide Web that sits apart from the public internet.
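The gap between that statement and the reports of easily recovered passwords comes down to hash speed: a salt defeats precomputed tables, but a fast hash such as MD5 still lets every guess be checked at almost no cost. The Python below is an added example, not Zomato's code; the legacy format `md5(salt + password)`, the record layout and all function names are assumptions. It compares the per-guess cost of the two schemes and moves a legacy record to scrypt on the next successful login.

```python
import hashlib
import hmac
import os
import time

# Memory-hard cost parameters (about 16 MiB per hash).
SCRYPT = dict(n=2**14, r=8, p=1, dklen=32)

def legacy_md5(password, salt):
    # Assumed legacy format, not confirmed for Zomato: hex md5(salt + password).
    return hashlib.md5(salt + password.encode()).hexdigest()

def scrypt_hash(password, salt):
    return hashlib.scrypt(password.encode(), salt=salt, **SCRYPT).hex()

def scrypt_record(password):
    # Fresh random salt per user, stored next to the hash.
    salt = os.urandom(16)
    return {"scheme": "scrypt", "salt": salt, "hash": scrypt_hash(password, salt)}

def verify_and_upgrade(record, password):
    """Check a login attempt; returns (ok, record_to_store).

    A legacy MD5 record is replaced by a scrypt record only after the
    user has proven knowledge of the password.
    """
    if record["scheme"] == "md5":
        ok = hmac.compare_digest(legacy_md5(password, record["salt"]), record["hash"])
        return ok, (scrypt_record(password) if ok else record)
    ok = hmac.compare_digest(scrypt_hash(password, record["salt"]), record["hash"])
    return ok, record

def cost_per_call(fn, rounds):
    start = time.perf_counter()
    for _ in range(rounds):
        fn()
    return (time.perf_counter() - start) / rounds

def slowdown_factor():
    """How many times more expensive one scrypt check is than one salted MD5 check."""
    salt = b"constructed-salt"  # constructed sample value
    md5_cost = cost_per_call(lambda: legacy_md5("guess", salt), 20000)
    scrypt_cost = cost_per_call(lambda: scrypt_hash("guess", salt), 3)
    return scrypt_cost / md5_cost
```

The salt is stored beside the hash in both schemes; what changes is how much work each password check costs whoever holds the database.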

Zomato said that no money has changed hands and that it has been in communication with the hacker. "Should an end user face any loss/damage due to data breach, they can sue Zomato and seek compensation".
