Zomato hacker withdraws dark web listing, apparently destroys all stolen data

By Prasid Banerjee | Published on 19 May 2017
Zomato hacker withdraws dark web listing, apparently destroys all stolen data

Zomato says it contacted the hacker and has reached a settlement with him/her. The company is still recommending caution.

Now you can read digit magazine online!!!

A geek’s guide to surviving lockdowns – for all ages from 5 to 105

Click here to know more

Zomato seems to have got away with the security hassle it faced recently. In a blog post made less than a day ago, Zomato said that it made contact with hacker “nclay”, who in turn agreed to remove the Dark Web listing selling the Zomato database records. “Earlier today, our security team discovered that user emails and hashed passwords were stolen from our database. Since then, we have taken multiple steps to mitigate the situation. One of these steps was to open a line of communication with the hacker who had put the user data up for sale,” wrote Zomato.

According to the company, the hacker demanded that Zomato work with the ethical hacker community to “plug the gaps” in its security, and also acknowledge the holes. In addition, one of the hacker’s key demands was apparently that Zomato start a “healthy bug bounty” program, which the company says it is doing on Hackerone soon.

The listing on Hansa (the Dark Web marketplace where the data was being sold) has since disappeared. So it seems the hacker is keeping true to his/her word. Zomato is still recommending caution. “Having said that, we are going to be cautious and paranoid, as this is a sensitive matter. 6.6 million users had password hashes in the ‘leaked’ data, which can be theoretically decrypted using brute force algorithms,” the company wrote. The post also says that Zomato will be reaching out to these users to have them update their passwords on all their accounts.

Prasid Banerjee

Trying to explain technology to my parents. Failing miserably.

Digit caters to the largest community of tech buyers, users and enthusiasts in India. The all new Digit in continues the legacy of Thinkdigit.com as one of the largest portals in India committed to technology users and buyers. Digit is also one of the most trusted names when it comes to technology reviews and buying advice and is home to the Digit Test Lab, India's most proficient center for testing and reviewing technology products.

We are about leadership-the 9.9 kind! Building a leading media company out of India.And,grooming new leaders for this promising industry.

DMCA.com Protection Status