About 17 million user records from Zomato’s database were stolen, the company said in a blog post. Zomato’s Gunjan Patidar has reassured users that no payment information or credit card data has been leaked. The food ordering service, which is used by over 120 million users, has reset passwords of all affected users and logged them out as a precaution.
“Our team is actively scanning all possible breach vectors and closing any gaps in our environment. So far, it looks like an internal (human) security breach – some employee’s development account got compromised,” reads the blog post.
The stolen information includes user’s email addresses as well as hashed passwords. Patidar has recommended users to change passwords in case they’re using the same for other accounts as well. Further, Zomato will be adding an extra layer of security for internal teams to avoid such a breach in the future.
The development comes on the heels of WannaCry ransomware attack that has affected about 150 countries globally, including Russia and the US. In India, five or six isolated instances have been reported in states like Gujrat, Kerala and West Bengal.
Patidar has assured Zomato users that the stolen information can’t be misused since the company has reset the passwords for all affected users. He adds that Zomato accounts of all users are secure. Further, Zomato plans to roll out enhanced security measures for all user information stored within their database.