Skip to main content
  1. Home
  2. Computing
  3. Mobile
  4. News

Zomato hacked, 17 million users’ accounts compromised by data theft

By
Add as a preferred source on Google

Update: Zomato says it’s been able to “open a line of communication with the hacker” who has been “very cooperative with us.” It said the hacker wanted the company to “acknowledge security vulnerabilities in our system and work with the ethical hacker community to plug the gaps.” It added that the hacker has agreed to “destroy all copies of the stolen data” and remove it from the dark web marketplace, but continued to urge affected users to change their passwords as a precaution.

Early on Thursday, online restaurant guide Zomato revealed it’d been hit by hackers, estimating that login details had been stolen from 17 million of its 120 million users.

Recommended Videos

In a post on its site the India-based company said the “recent” discovery involved the theft of “email addresses and hashed passwords.” It insisted that no payment-related information had been nabbed in the attack as that data is held separately and wasn’t targeted.

However, the company said it would “strongly advise” all of its users to reset their passwords as a precautionary measure, and also to reset it with any other services where the same password is used. For the 17 million users Zomato could positively identify as having been directly affected, the company said it’d forced a password change and was notifying them of the move so they could then reset it themselves.

The service, founded in 2008, is a Yelp-like user-reviewed directory of more than 1.2 million popular restaurants, cafes, and bars in more than 10,000 cities across 24 countries, many of which are located in the United States. The service also offers food deliveries and lets you book tables. Digital Trends included Zomato in its “best apps” listings back in 2013.

Later on Thursday, Zomato updated its post, reminding its users that those who login via services such as Facebook and Google needn’t worry about the breach, as it holds no login information for such users. “We don’t have any passwords for these accounts; therefore, these users are at zero risk,” the company confirmed.

Zomato promised its users that “over the next couple of days and weeks” it’ll be working to “plug any more security gaps that we find in our systems,” while at the same time “further enhancing security measures for all user information stored within our database.”

So just to reiterate, if you’re a Zomato user, for peace of mind go and change your password now, as well as on any other services where you use the same password.

Trevor Mogg
Trevor Mogg
Contributing Editor
Not so many moons ago, Trevor moved from one tea-loving island nation that drives on the left (Britain) to another (Japan)…
Topics
Claude’s Sonnet 5 is built to do more on its own and cost you less
Better than its predecessor, nearly as good as the flagship, and meaningfully cheaper than both.
Art, Floral Design, Graphics

Every major AI lab is racing to prove its models can work autonomously with minimal hand-holding; we’re now seeing pricing emerge as the next battleground. 

Anthropic just fired its latest shot, Claude Sonnet 5, a model the company says performs nearly as well as its flagship Opus 4.8 at a fraction of the cost.

Read more
Apple Creator Studio adds AI tools across Final Cut Pro, Logic Pro and Pixelmator Pro
Final Cut Pro gets AI captions, Auto Mask and better Pixelmator Pro workflows in Creator Studio update
Computer Hardware, Electronics, Hardware

Apple has introduced a major update to Apple Creator Studio, adding new AI features, deeper Pixelmator Pro integration, and workflow upgrades across Final Cut Pro, Logic Pro, Keynote, Pages, Numbers, Motion, Compressor, Freeform, and Final Cut Camera.

The update makes Creator Studio more useful across Mac, iPad, and iPhone, especially for people who move between video editing, image editing, presentations, documents, spreadsheets, and music production.

Read more
AI browsers like Perplexity Comet can be tricked into spilling your password through BioShocking exploit
Six AI browsers were found leaking saved passwords and many of them haven't fixed it yet.
MacBook Air in hand, Comet browser loaded—let’s see what Perplexity’s AI can really do

Security researchers just found a strange way to trick AI browsers into handing over your passwords. They managed to trick AI browser agents into exposing sensitive data like saved passwords, session cookies, and private tokens by disguising the theft as part of a harmless "game."

The technique is called BioShocking, named after the popular video game BioShock, where a brainwashed character is manipulated into believing a false reality. Once an AI browser falls for the same trick, it stops following its own safety rules entirely.

Read more