Hacks on huge websites do happen often nowadays due to security flaws huge list of user accounts and sensitive information end up on Dark web markets and this time it is Zomato a popular restaurant and event listing service website got hacked.
Currently, the hacked 17 Million Accounts are sold on Dark Web by the vendor who goes by the name ‘nclay’ and he is the same guy who sold the hacked Edmodo accounts a few days ago.
Zomato Database Breach (17 million entries,md5 encryption) read the listing on the darknet market and the database includes emails and password hashes and he claims to sell the data for USD 1,001.43 (BTC 0.5587).
The Vendor shared sample data to show the authenticity of the data. You can find the snapshot of the shared data by nclay. According to the report by the hack read, on testing each and every email in sample data it matched with the login and found to be legit.
Even HackRead did send out its email to Zomato but there wasn’t any official response to the email and some emails found in the sample data of the hack was found to be registered to users and the hacker told the data was stolen this month and this year, May 2017.
Recently the company has accepted it data breach on its own blog and asking all its users to change their password at the earliest. Later today this read on Zomato’s blog,
The reason you’re reading this blog post is because of a recent discovery by our security team – about 17 million user records from our database were stolen. The stolen information has user email addresses and hashed passwords.
We hash passwords with a one-way hashing algorithm, with multiple hashing iterations and individual salt per password. This means your password cannot be easily converted back to plain text. We, however, strongly advise you to change your password for any other services where you are using the same password.