Massive Zomato data breach leaves 17 million e-mail addresses exposed

A suspected hacker has stolen as many as 17 million e-mail addresses from Zomato, a popular food delivery app in India.

Zomato has stressed that the passwords and financial information of all users are secure and that the data breach was caused by human error.

Zomato is a very popular food delivery app in India with over 120 million users and supports as many as 18,000 restaurants. This morning, the company confirmed that 17 million user records, including e-mail addresses and hashed passwords, were stolen from its database. The company also confirmed that no payment information or credit card data was stolen or leaked.

Zomato said that the cause of the breach was human error, with the hacker gaining access to an employee’s development account. While the hacker has the e-mail addresses in his possession, Zomato stresses that the hashed passwords are of no use to him as they cannot be converted back to plain text, since the company uses a one-way hashing algorithm which applies multiple hashing iterations to every password.

The company also stressed that all payment information, including customers' credit card details, is stored separately in a highly secure PCI Data Security Standard (DSS) compliant vault and that the hacker has not been able to access the vault. After discovering the data breach, Zomato reset the passwords of all users and logged them out of its app and website.

According to the Economic Times, the hacker behind the Zomato data breach goes by the name of ‘nclay’ and has claimed that he/she will sell all 17 million e-mail addresses along with hashed passwords on the dark web for 0.5587 Bitcoins, which is equivalent to $1,001.43.

To prevent human error from causing further data breaches, Zomato said it is adding an extra layer of authorisation for internal teams that have access to customer data. The company is also enhancing security measures to protect all data stored on its servers.

Back in 2016, statistics obtained by Egress Technologies from the Information Commissioner’s Office revealed that human error accounted for 62 per cent of breaches. Of these, 17 per cent of breaches were caused by data being posted or faxed to the wrong recipient, 17 per cent stemmed from the loss or theft of paperwork and nine per cent involved data being emailed to the wrong recipient.

“Human error and data breach incidents continue to go hand-in-hand,” said Egress CEO Tony Pepper. “Time and again we’re faced with this reality and yet as today’s statistics show, little effective action seems to have been taken to improve the situation. Clearly at a board level, mistakes continue to be made as priorities aren’t balanced, leaving companies exposed.”

Copyright Lyonsdown Limited 2021
