Food Ordering Service Zomato Suffers Massive Data Breach

Media Division | May 18, 2017

Data breaches and cyber attacks can vary widely in their range of effects.  Some are able to only get away with minute information, whereas others purloin a plethora of highly sensitive data.  Whatever the case may be, a data breach is never without detriment. A recent data breach of the India-based company Zomato, a food ordering service, led to the theft of data from 17 million users.

The Perpetrator of the Attack

According to reports, a hacker called “nclay,” had claimed to have hacked Zomato, and was trying to sell the data on the dark web.  The stolen data included email addresses and password hashes. The hacker was asking for around $1000 in bitcoin for the entire set of information and had posted evidence of the data to prove the legitimacy of the offer. It is fortunate that only password hashes were stolen, as hashing is a method of turning passwords into garbled characters, which makes them more difficult to convert back to the original text. And while this potentially protected the passwords, Zomato is advising users to change their password if it used on other services.

Zomato’s Response to the Breach

Zomato had published a blog post that gave additional details in regard to the breach.  Apparently, the cause had been attributed to human error, as the development account of an employee had been compromised.  Unfortunately, breaches resulting from human error are not uncommon, and internal breaches have continued to become more prominent.  A large difficulty with internal breaches is that they can either be malicious or accidental, which can make it hard to identify who is a potential risk. industries of all different types continue to see these types of breaches occurring more frequently.

According to Zomato, no financial, payment, or credit card information was affected in the breach.  They took the additional precaution of resetting the passwords of all those affected, as well as logged them out of the app and website.  The company had also said that over the next couple weeks, they will be working to locate and plug any additional security holes in their systems, as well as implementing an additional authorization layer for internal personnel to prevent a similar occurrence.  Zomato has since been in communication with the hacker that was selling the data, whom they say has been very cooperative.  The hacker requested that Zomato implements a bug bounty program, which they agreed to, and the hacker, in turn, agreed to delete all copies of the data and remove the link from the dark web.

The Importance of Comprehensive Security to Prevent Cyber Attacks

With cyber attacks and data breaches becoming much more prevalent every single day, the need for proper security is more vital than ever.  Modern threats and attackers are extremely adept at circumventing basic reactive security implements and making more advanced and comprehensive systems necessary.  An organization cannot be lackadaisical with their cyber security in today’s landscape, as it puts them in a very vulnerable position. Any slight hole in security can easily result in an organization being compromised, and large amounts of damage occurring. We now store a wide variety of critical information and assets in the digital realm, and it must be protected for the sake of the organizations and their customers or clients. Massive Alliance offers a multitude of security services to help organizations properly prevent cyber attacks.

Massive's Media Division publishes timely news and insights based on current events, trends, and actionable cross-industry expertise.