Zomato, in a statement released today, has revealed that the company has suffered a security breach with data of 17 million users from the company’s database has been reportedly stolen. The stolen information includes the email addresses and hashed passwords of Zomato’s customers.
A user by the name of “nclay” has claimed responsibility for the breach and was willing to sell the data for $1000 per user on a Dark Web marketplace.
Zomato has stated that the security breach has not compromised the payment information or credit card data of customers. This data is stored in a secure PCI Data Security Standard (DSS) compliant vault. Additionally, it has also stated that the hashed passwords cannot be easily decrypted but has requested its users to change their Zomato account passwords as a precautionary measure.
The breach was discovered by Zomato’s internal security team during a security investigation of its systems.