17 million accounts' hashed passwords, emails stolen, Zomato says
May 20, 2017, 1:00:02 CEST | Wikinews
Friday, May 19, 2017 
Yesterday, Zomato, a food ordering and restaurant finding company, announced a security breach of more than 17 million accounts via their official blog. A hacker operating under the alias nclay uploaded evidence to prove they had the stolen data (hashed passwords and emails) for sale, Hackread.com reported. Zomato later announced they contacted the hacker, who asked Zomato to organise a bug bounty programme.
The food ordering company, with 120 million monthly users, said the payment information of the users was not located with this data and was not leaked. Zomato said it uses PCI Data Security Standards.
As a security measure, all the passwords of the involved Zomato accounts were reset and all of the accounts were forcibly logged out from the application and website. The company said only hashed passwords were compromised. Hashed passwords are stored in a scrambled, one-way form rather than as plain text and, per Zomato, every password had a different "salt", as cryptographic salting was performed before hashing the original password. A "salt" is a random set of characters added to the password before hashing, to make recovering the original password from the hash more difficult.
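The per-password salting described above, as an added example that is not part of the original article and is not Zomato's code. PBKDF2-HMAC-SHA256, the iteration count and the sample accounts are assumptions made for illustration; the article does not say which hash function Zomato used.

```python
import hashlib
import hmac
import secrets
from typing import Optional, Tuple

# Assumption: PBKDF2-HMAC-SHA256 stands in for the hash function; the article
# does not name the algorithm Zomato used.
ITERATIONS = 200_000
SALT_BYTES = 16


def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Return (salt, digest). A fresh random salt is drawn for every password."""
    if salt is None:
        salt = secrets.token_bytes(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return salt, digest


def verify_password(password: str, salt: bytes, stored: bytes) -> bool:
    """Recompute the digest with the stored salt and compare in constant time."""
    _, candidate = hash_password(password, salt)
    return hmac.compare_digest(candidate, stored)


def unsalted(password: str) -> bytes:
    """Unsalted hash, shown only as the weak contrast case."""
    return hashlib.sha256(password.encode("utf-8")).digest()


def demo() -> dict:
    # Constructed sample accounts: two users who picked the same password.
    accounts = {"alice@example.com": "hunter2", "bob@example.com": "hunter2"}
    table = {email: hash_password(pw) for email, pw in accounts.items()}
    salt_a, hash_a = table["alice@example.com"]
    _, hash_b = table["bob@example.com"]
    return {
        "unsalted_collide": unsalted("hunter2") == unsalted("hunter2"),
        "salted_collide": hash_a == hash_b,
        "correct_login": verify_password("hunter2", salt_a, hash_a),
        "wrong_login": verify_password("hunter3", salt_a, hash_a),
        # Submitting the stored digest in place of the password is rejected too.
        "hash_as_password": verify_password(hash_a.hex(), salt_a, hash_a),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Without a salt, identical passwords produce identical hashes, so one precomputed guess matches every account that shares it; with a per-password salt each stored hash has to be attacked separately.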
The hashed password itself cannot be used to access the account. In the blog post published before contacting the hacker, Zomato described an "internal (human) security breach" and suggested this could have happened after a worker's development account was hijacked. After contacting the hacker and promising a bug bounty programme on HackerOne, the company said, the hacker agreed and removed the stolen data, which had been put on sale on the dark web. Zomato said they are looking forward to working closely with the ethical hacker community on security vulnerabilities.
Source: Wikinews