Following a security breach affecting over 17 million user accounts at Zomato, India’s largest online restaurant guide, the food app has issued an advisory assuring users that payment-related information on the site was safe and had not been leaked.
Zomato, in a blog post, told its customers that the stolen information includes user email addresses and hashed passwords. However, it said that it hashes passwords with a one-way hashing algorithm, using multiple hashing iterations and an individual salt per password, which means the customers’ passwords cannot be easily converted back to plain text.
“We, however, strongly advise you to change your password for any other services where you are using the same password,” Zomato suggested.
The food app also said that it stores all payment-related information in a highly secure, PCI Data Security Standard (DSS) compliant vault.
“As a precaution, we have reset the passwords for all affected users and logged them out of the app and website,” it said. “Our team is actively scanning all possible breach vectors and closing any gaps in our environment. So far, it looks like an internal (human) security breach – some employee’s development account got compromised,” the blog post further read. According to media reports, 17 million Zomato user accounts were hacked, including the emails and password hashes of registered users.