According to Hackread.com, a user named “Nclay” claimed to have hacked Zomato and offered to sell the data of 17 million users as a package for $1,001.43 (BTC 0.5587, where BTC stands for bitcoin). “Nclay” intends to sell the data on a popular dark web marketplace and also displayed some data samples to prove its authenticity.
Zomato, India’s largest online restaurant guide, will now have to pay compensation to users, as the stolen data consisted of personally identifiable information. Prashant Mali, a leading IT security expert, claims that under Section 43A of the Indian IT Act, Zomato has to provide compensation to the users because it failed to protect personal data.
Zomato has a presence in over 20 countries and traffic of nearly 90 million users per month. Zomato added that they used hashed and salted passwords, which means the hashed information cannot be converted back into the original, and thus the user’s data is secure. In technical terms, hashing transforms data with a one-way mathematical function, while salting refers to adding extra data (the salt) to the input before it goes into the hashing phase. Salting is done for the additional security of data.
Zomato further added that even with these security measures in place, if any breach has occurred, they have made a plan to safeguard the users. For security purposes, Zomato has reset all the passwords and logged out all the affected users from their website. The team also claimed that they are working towards finding bugs and vulnerabilities in their systems.
The team is adding one more layer of security to the systems, namely authorization for internal teams, so that only those teams can access the data. After the news spread, Zomato said that they will work towards making their security systems better in the next couple of days and will enhance security measures for all user-related information.