Online restaurant guide and food ordering application Zomato on 18 May admitted to a major security breach and revealed that records of about 17 million users got stolen from its database. The app has a total of 120 million users.
The company has claimed that bank details of the customers have not been compromised as the attackers stole user-names and hashed passwords.
The data is reportedly being sold on a popular Dark Web marketplace. If the media reports are to be believed, the price for the set of the whole package is said to be $1,001.43.
Zomato has claimed in a blog post that all payment data is stored separately from the stolen data and that the information pertaining to payment or credit card has been stolen.
The company has reset passwords for all affected users. They have been logged out of the app and website. The matter is being investigated and some reports indicate towards an internal security breach.
"Over the next couple of days, we’ll be actively working to improve our security systems - we’ll be further enhancing security measures for all user information stored within our database, and will also add a layer of authorization for internal teams having access to this data to avoid any human breach," said Zomato.
Zomato has reassured its users that accounts have been secured and there is no cause for concern.