Skip to main content

Zomato hacked, 17 million users’ accounts compromised by data theft

zomato data hack
Digital Trends
Update: Zomato says it’s been able to “open a line of communication with the hacker” who has been “very cooperative with us.” It said the hacker wanted the company to “acknowledge security vulnerabilities in our system and work with the ethical hacker community to plug the gaps.” It added that the hacker has agreed to “destroy all copies of the stolen data” and remove it from the dark web marketplace, but continued to urge affected users to change their passwords as a precaution.

Early on Thursday, online restaurant guide Zomato revealed it’d been hit by hackers, estimating that login details had been stolen from 17 million of its 120 million users.

In a post on its site the India-based company said the “recent” discovery involved the theft of “email addresses and hashed passwords.” It insisted that no payment-related information had been nabbed in the attack as that data is held separately and wasn’t targeted.

However, the company said it would “strongly advise” all of its users to reset their passwords as a precautionary measure, and also to reset it with any other services where the same password is used. For the 17 million users Zomato could positively identify as having been directly affected, the company said it’d forced a password change and was notifying them of the move so they could then reset it themselves.

The service, founded in 2008, is a Yelp-like user-reviewed directory of more than 1.2 million popular restaurants, cafes, and bars in more than 10,000 cities across 24 countries, many of which are located in the United States. The service also offers food deliveries and lets you book tables. Digital Trends included Zomato in its “best apps” listings back in 2013.

Later on Thursday, Zomato updated its post, reminding its users that those who login via services such as Facebook and Google needn’t worry about the breach, as it holds no login information for such users. “We don’t have any passwords for these accounts; therefore, these users are at zero risk,” the company confirmed.

Zomato promised its users that “over the next couple of days and weeks” it’ll be working to “plug any more security gaps that we find in our systems,” while at the same time “further enhancing security measures for all user information stored within our database.”

So just to reiterate, if you’re a Zomato user, for peace of mind go and change your password now, as well as on any other services where you use the same password.

Editors' Recommendations

Trevor Mogg
Contributing Editor
Not so many moons ago, Trevor moved from one tea-loving island nation that drives on the left (Britain) to another (Japan)…
Hack involved the data of a nation’s entire population
A depiction of a hacker breaking into a system via the use of code.

Hackers are well known to nab customer data held by companies, but obtaining the personal data of pretty much all of the residents of a single nation in one fell swoop takes the nefarious practice to a whole new level.

The remarkable feat was allegedly performed by a 25-year-old Dutch hacker who, when arrested by police, had in his possession personal data linked to pretty much every resident of Austria -- about nine million people.

Read more
Chrome extensions with 1.4M users may have stolen your data
Google Chrome icon in mac dock.

McAfee researchers have discovered various Google Chrome extensions that steal browsing activity, with the add-ons racking up more than a million downloads.

As reported by Bleeping Computer, threat analysts at the digital security company have come across a total of five such malicious extensions.

Read more
Elon Musk’s Starlink satellites hacked by $25 homemade device
A Starlink dish next to an RV.

A $25 hacking tool that can seemingly breach Starlink’s internet terminals has been revealed by a security researcher.

As reported by Wired and Gizmodo, Lennert Wouters, who works at Belgian university KU Leuven, showcased how to infiltrate the satellite dishes at the Black Hat Security Conference.

Read more