Restaurant guide Zomato got off lightly after a hacker grabbed 6.6M user passwords
May 19, 2017
Restaurant guide and food delivery serviceZomato looks like it is getting off lightly after it suffered a spoof that endangered personal information belonging to 6.6 million users.
The India-based firm, which offersservices in more than 20 countries worldwide, start out alarm bells when it disclosedthat a hacker had made off with1 7 million used chronicles. That, Zomato alleged, included email addresses and hashed passwords, but not credit card information.
Initially, the embezzled knowledge wasput up for sale; nonetheless, the company subsequently disclosedthat the hacker had agreed to remove the rostering on the condition that Zomato introduce a fully fledged imperfection reward program.
Zomato has operated an chronicle on disclosure assistance Hacker One for more than a year; nonetheless, CEO Deepinder Goyal fortified on Twitter that it would be launched offsetting hackers with coin for their disclosures.
Following the incident, Zomatoreset the passwords ofall affected useds and logged them out of itsapp and website. It said that 60 percent of its 17 million used the documents are restrained to social log-in via Twitter or Facebook and therefore werent impacted by the spoof. The firm claimed that thepasswords that were embezzled cannot be readily altered back to plain text, but Motherboard and security experts didnt have issues converting into originalpasswords a sampleof the data provided by the hacker.
Security experts werent excited with Zomatos security measures.