17 million accounts' hashed passwords, emails stolen, Zomato says
May 20, 2017, 1:00:02 CEST | Wikinews

Friday, May 19, 2017 


Computing



Related articles


19 May 2017: 17 million accounts' hashed passwords, emails stolen, Zomato says
28 April 2017: Debian to shutdown public File Transfer Protocol services
8 April 2017: GNOME to be Ubuntu's default desktop environment, Canonical to stop investing in Ubuntu Phone
10 December 2016: Telegram introduces bidirectional IFTTT integration
25 November 2016: Telegram introduces blogging and instant view features


Collaborate!


Pillars of Wikinews writing
Writing an article



Yesterday, Zomato, a food ordering and restaurant finding company, announced security breach of more than 17 million accounts, via their official blog. A hacker operating under the alias nclay uploaded evidence to prove they had the stolen data — hashed passwords and emails — for sale, Hackread.com reported. Zomato later announced they contacted the hacker, who asked Zomato to organise a bug bounty programme.

The food ordering company, with 120 million monthly users, said the payment information of the users was not located with this data and was not leaked. Zomato said it uses PCI Data Security Standards.

As a security measure, all the passwords of the involved Zomato accounts were reset and all of the accounts were forcibly logged out from the application and website. The company said only hashed passwords were compromised. Hashed passwords are encrypted and, per Zomato, every password had a different "salt", for cryptographic salting was performed before hashing the original password. A "salt" is a random set of characters added before encryption to make decryption to obtain the original passkey more difficult.

The hashed password itself can not be used to access the account. In the blog post before contacting the hacker, saying "internal (human) security breach", Zomato suggested this could have happened after a worker's development account was hijacked. After contacting the hacker, and promising a bug bounty programme on Hackerone, they said, the hacker agreed and removed the stolen data which was put on sale on the dark web. Zomato said they are looking forward to working closely with the ethical hacker community on security vulnerabilities.

Source: Wikinews
Share this article:
share article on facebook share article on twitter share article on google+ share article on tumblr share article on blogger share article on reddit

Articles that may interest you:


Hundreds arrested for 'dark web' child porn b...

Thursday, October 17, 2019  Crime and law Related articles 17 October 2019: Hundreds arr...
Send us your articles and web-novels!
comments powered by Disqus
Most popular


Recently Viewed:


17 million accounts' hashed passwords, emails stolen...

Friday, May 19, 2017  Computing Related articles 19 May 2017: 17 million accounts' ha...


Printing the 1961 series II Aston Martin DB4

Mr Ivan Sentch from New Zealand has such a passion for classic cars that in the early months...


On the campaign trail in the USA, June 2016

The following is the second edition of a monthly series chronicling the U.S. 2016 presidenti...


Foreigners evacuated from Yemen by India

India's Ministry of External affairs yesterday announced the end of an evacuation effort whi...


Judge jails 'monstrous' London serial killer Stephen...

More than a year after he was first charged, a judge on Friday sentenced London serial kille...

Automotive
Reviews | Technology | Projects & Tuning | Events | Racing
Business & Technology
Business & Economy | Mobile | Internet & Media | Security & Privacy | Gadgets & Tech | Software
Lifestyle
Health, Food & Fitness | Fashion | Gardening | DIY | Homes
Society
Accidents | Crime | Culture | Finance | Politics
Science & Environment
Wildlife | Green | Space
Gaming
Reviews
Society
Accidents | Crime | Culture | Finance | Politics
Travel
MM-iNEWS
Copyright & Privacy | Site Roadmap | Sitemap | Contact
Web Development @ OverHertz Ltd
Ω