Zomato, the popular restaurant search reported a security breach on Thursday, 18th May 2017. Data of almost 17 million users was reported to be stolen from its database, including passwords. After the terrifying cyberattack last week, where a ransomware called ‘Wannacry’ hacked into computers and encrypted files, this instance is the second serious issue to question online security.
Zomato, in one of its blogs, confirmed the breach of security and said that the passwords were secured with a ‘hashed’ algorithm and hence, wouldn’t be easily converted or decrypted into plain text again. But this claim was challenged by a senior authority on the subject, Troy Hunt an Australian security expert. It lead Zomato to update the blog, “We hash passwords with a one-way hashing algorithm, with multiple hashing iterations and individual salt per password. This means your password cannot be easily converted back to plain text. We however, strongly advise you to change your password for any other services where you are using the same password”.
The news was first posted on Hackread.com, which reported that the particulars had been put up on a dark web network along with proof of the cyber theft. According to Hackread, the user who goes by the name of ‘nclay’ has made a demand of 0.5587 Bitcoin virtual currency, which is almost equivalent to Rs. 65418 INR. But though the stolen information included user ids and passwords, the payment details and card numbers are said to be in safe hands, being stored separately in a top-notch PCI Data Security Standard (DSS) compliant vault.
Now, it is left to be seen how the recent online threats change the future discourse. This blog will be updated when we have more information on this subject.