There was a data security breach at Zomato, a food-tech company, which resulted in the data of 17 million users being stolen. The hackers managed to obtain email addresses and hashed passwords. Luckily, no credit card data was stolen.
HackRead seems to suggest that a hacker who goes by the name of “nclay” is responsible for this, and is looking to sell the stolen data on a popular Dark Web marketplace for roughly $1,000.
Hashing is a process that transforms the original password text into an incoherent string of characters, but it is still possible for an attacker to recover the original password, for instance by hashing guesses and comparing the results. To make this a bit harder to achieve, Zomato adds random characters (a salt) to the password before it is hashed, so the stored value does not match the hash of the password on its own.
Therefore, the passwords are still safe in theory, but Zomato is encouraging its users to change their passwords regardless, especially if they are using the same password on other services, just to be on the safe side.
Another precautionary measure they decided to take is to enforce a mandatory password reset for all the affected users, temporarily logging them out of the website.
As for the cause of the breach, in one of their recent blog posts, the company is blaming human error, which resulted in one of the development accounts becoming compromised.
In the months to come, Zomato will be stepping up its data security measures, closing any yet-to-be-identified gaps in its environment.
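
The salting step described in the hashing paragraph above, as an added example that is not Zomato's code: it stores passwords with a random per-user salt and shows that a table precomputed without that salt no longer matches. The choice of PBKDF2-HMAC-SHA256, the iteration count, the fixed salt and the sample passwords are assumptions made for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000            # assumed work factor for this example
FIXED_SALT = b"same-for-all"    # constructed: stands in for "no per-user salt"
COMMON = ["123456", "password", "qwerty", "letmein"]  # constructed sample list


def derive(password: str, salt: bytes) -> bytes:
    """Slow, salted hash of the password (PBKDF2-HMAC-SHA256)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def new_record(password: str):
    """What the server stores for a user: a fresh random salt and the digest."""
    salt = os.urandom(16)
    return salt, derive(password, salt)


def verify(password: str, salt: bytes, stored: bytes) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    return hmac.compare_digest(derive(password, salt), stored)


def precomputed_table(passwords, salt=FIXED_SALT):
    """Digest -> password table built once for a single known salt."""
    return {derive(p, salt): p for p in passwords}


def demo():
    table = precomputed_table(COMMON)
    # Without a per-user salt, one table matches every user's stored hash.
    hit_fixed = table.get(derive("qwerty", FIXED_SALT))
    # With per-user salts, the same password is stored differently per user
    # and the precomputed table misses both records.
    salt_a, stored_a = new_record("qwerty")
    salt_b, stored_b = new_record("qwerty")
    hit_salted = table.get(stored_a) or table.get(stored_b)
    return hit_fixed, hit_salted, stored_a != stored_b, verify("qwerty", salt_a, stored_a)


if __name__ == "__main__":
    print(demo())
```

The salt is stored next to the digest, so it does not protect a weak password from being guessed directly, which is why a reset is still worthwhile after a breach.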