Zomato hacked: 17 million users hit by data theft
Why it matters to you
If you’re a Zomato user, best you go and change your password now.
Early on Thursday, online restaurant guide Zomato revealed it’d been hit by hackers, estimating that login details had been stolen from 17 million of its 120 million users.
In a post on its site the India-based company said the “recent” discovery involved the theft of “email addresses and hashed passwords.” It insisted that no payment-related information had been nabbed in the attack as that data is held separately and wasn’t targeted.
However, the company said it would “strongly advise” all of its users to reset their passwords as a precautionary measure, and also to reset it with any other services where the same password is used. For the 17 million users Zomato could positively identify as having been directly affected, the company said it’d forced a password change and was notifying them of the move so they could then reset it themselves.
The service, founded in 2008, is a Yelp-like user-reviewed directory of more than 1.2 million popular restaurants, cafes, and bars in more than 10,000 cities across 24 countries, many of which are located in the U.S. The service also offers food deliveries and lets you book tables. Digital Trends included Zomato in its “best apps” listings back in 2013.
Later on Thursday, Zomato updated its post, reminding its users that those who login via services such as Facebook and Google needn’t worry about the breach, as it holds no login information for such users. “We don’t have any passwords for these accounts, therefore, these users are at zero risk,” the company confirmed.
Zomato promised its users that “over the next couple of days and weeks” it’ll be working to “plug any more security gaps that we find in our systems,” while at the same time “further enhancing security measures for all user information stored within our database.”
So just to reiterate, if you’re a Zomato user, for peace of mind go and change your password now, as well as on any other services where you use the same password.