Intel AMA
Intel AMA

Zomato hacker withdraws dark web listing, apparently destroys all stolen data

By Prasid Banerjee | Published on 19 May 2017
HIGHLIGHTS
  • Zomato says it contacted the hacker and has reached a settlement with him/her. The company is still recommending caution.

Zomato hacker withdraws dark web listing, apparently destroys all stolen data

Zomato seems to have got away with the security hassle it faced recently. In a blog post made less than a day ago, Zomato said that it made contact with hacker “nclay”, who in turn agreed to remove the Dark Web listing selling the Zomato database records. “Earlier today, our security team discovered that user emails and hashed passwords were stolen from our database. Since then, we have taken multiple steps to mitigate the situation. One of these steps was to open a line of communication with the hacker who had put the user data up for sale,” wrote Zomato.

According to the company, the hacker demanded that Zomato work with the ethical hacker community to “plug the gaps” in its security, and also acknowledge the holes. In addition, one of the hacker’s key demands was apparently that Zomato start a “healthy bug bounty” program, which the company says it is doing on Hackerone soon.

The listing on Hansa (the Dark Web marketplace where the data was being sold) has since disappeared. So it seems the hacker is keeping true to his/her word. Zomato is still recommending caution. “Having said that, we are going to be cautious and paranoid, as this is a sensitive matter. 6.6 million users had password hashes in the ‘leaked’ data, which can be theoretically decrypted using brute force algorithms,” the company wrote. The post also says that Zomato will be reaching out to these users to have them update their passwords on all their accounts.

 
Prasid Banerjee
Prasid Banerjee

Email Email Prasid Banerjee

Follow Us Facebook Logo Facebook Logo

About Me: Trying to explain technology to my parents. Failing miserably. Read More

Tags:
Zomato Zomato hack Zomato data Zomato hacker Zomato account leak Zomato leak
DMCA.com Protection Status