Zomato on Thursday admitted a major security breach of its database, in which the records of 17 million users were stolen. According to the food delivery app, the stolen information includes the e-mail addresses and hashed passwords of its users. The company further said that it is difficult for the hackers to access the passwords, as the company uses a special encryption technique to safeguard its user data. Even so, the company has advised all its users to change their password on the app and on all the services where they were using the same password.
Reassuring users about the safety of their payment information, the company said that all the payment-related data was stored separately in a PCI Data Security Standard (DSS) compliant vault and that no credit card data has been stolen.
Furthermore, the company has reset the passwords for all the affected users and logged them out of the app and the website. The company further explained that its team was working round the clock to close all the security gaps. “So far, it looks like an internal (human) security breach – some employee’s development account got compromised,” the company wrote in a blog post.
Over the next couple of weeks, Zomato would be actively working to plug the security gaps on its platform. The app would also get another layer of authorisation to avoid the possibility of another human breach in the future, Zomato CTO Gunjan Patidar said in an official statement.