Nearly 17 mn Zomato users' stolen data now being sold online

1. Nearly 17 mn Zomato users' stolen data now being sold online With the popular online food delivery service Zomato admitting on Wednesday that nearly 17 million records of its registered users were stolen from its database which include email addresses and hashed passwords, the data is now being sold on a popular Dark Web marketplace. According to information shared on Hackeread.com, a user by the name of "nclay" claimed to have hacked Zomato. "The database includes emails and password hashes of registered Zomato users while the price set for the whole package is USD 1,001.43 (BTC 0.5587).

2. The vendor also shared a trove of sample data to prove that the data is legit," the report said. "The data was stolen this month and this year, May 2017," hacker told HackRead. Zomato, that has over 120 million users, however said that all the payment records were safe. READ THIS: GST Council clears all 9 rules for new tax regime at Srinagar meeting "No payment information or credit card data has been stolen/leaked. Payment related information on Zomato is stored separately from this (stolen) data in a highly secure PCI Data Security Standard (DSS) compliant vault," the company wrote in a blog post. "So far, it looks like an internal (human) security breach -- some employee's development account got compromised," the post said. Zomato said it has reset the passwords for all affected users and logged them out of the app and website. "The hashed password cannot be converted/decrypted back to plain text -- so the sanctity of password is intact in case users' use the same password for other services," the blog post read.(READ MORE)