Zomato hacker withdraws dark web listing, apparently destroys all stolen data

By Prasid Banerjee | Updated 19 May 2017
  • Zomato says it contacted the hacker and has reached a settlement with him/her. The company is still recommending caution.

Zomato seems to have come through its recent security breach. In a blog post published less than a day ago, Zomato said that it had made contact with the hacker “nclay”, who in turn agreed to remove the Dark Web listing selling the Zomato database records. “Earlier today, our security team discovered that user emails and hashed passwords were stolen from our database. Since then, we have taken multiple steps to mitigate the situation. One of these steps was to open a line of communication with the hacker who had put the user data up for sale,” wrote Zomato.


According to the company, the hacker demanded that Zomato work with the ethical hacker community to “plug the gaps” in its security and acknowledge the holes. One of the hacker’s key demands was apparently that Zomato start a “healthy bug bounty” program, which the company says it will do on HackerOne soon.

The listing on Hansa (the Dark Web marketplace where the data was being sold) has since disappeared, so the hacker appears to be keeping his/her word. Zomato is still recommending caution. “Having said that, we are going to be cautious and paranoid, as this is a sensitive matter. 6.6 million users had password hashes in the ‘leaked’ data, which can be theoretically decrypted using brute force algorithms,” the company wrote. The post also says that Zomato will be reaching out to these users to have them update their passwords on all their accounts.
