The popular food discovery app, Zomato, has announced that there was a security breach and over 17 million user records have been stolen from its database. The stolen data contains personal information like username, hashed passwords and email addresses.
Zomato said in blog post that it “look like an internal (human) security breach – some employee’s development account got compromised.” However, the company says that payment related information or credit card data has not been stolen by the hackers.
Zomato adds that all the payment related information “is stored separately from this (stolen) data in a highly secure PCI Data Security Standard (DSS) compliant vault.” The brand further said that all passwords are hashed and salted, meaning the chances of converting back to the original readable form is next to impossible.
For the unintended, hashed password basically uses a one-way hashing algorithm, which makes it practically impossible to go the other way and turn the hashed password back into the original password.
Further, the brand has reset the password for all affected users and have logged them out of the app and website. “Our team is actively scanning all possible breach vectors and closing any gaps in our environment.” The brand assures that it will be enhancing security measures for its website and will add an extra layer of authorization for internal teams having access to the data, which would possibly avoid any human breach.