Zomato Data Breach Hits Big, Lands Reams of Data
Another day, another data breach: that’s the word out of Zomato recently, as it joined the ranks of the many high-profile businesses both targeted for and hit by data breaches. The Zomato breach managed to get information from around 17 million users in total, but the good news in all this is that the actual information seized was minimal.
The reports note that hackers landed email addresses and encrypted Zomato passwords, which could be a problem if anyone figures out just how Zomato encrypted things. No payment information, including credit card data, had been seized, Zomato notes, meaning that there likely won’t be much of a problem here at all except for perhaps more spam, at least until the hackers figure out how to decrypt the passwords.
A Zomato blog post filled in users on the hack, noting that an employee’s development account had been compromised somehow, providing the necessary access point for the hackers to start seizing data. The theft was apparently recent, though Zomato wasn’t talking about just how recent, and further noted that it was “…actively working to plug any more security gaps that we find in our systems.”
Zomato took further steps beyond that, automatically logging out affected users and then resetting their passwords. Zomato also noted that those who used their Zomato password elsewhere should likely reset that password as well.
While this isn’t great news for any company, especially after the WannaCry attack last week, Zomato has clearly made the important moves here that should protect its users from significant problems.
Yes, email addresses were taken, but most everyone has a spam folder these days anyway. What’s the problem if that gets a little fuller than usual? It’s nothing to scoff at, certainly, but it likely won’t ruin any lives. Zomato’s automatic shutdown of old passwords, meanwhile, ensures that even if the encryption is beaten, it won’t do the hackers much good, as they’ll basically have old keys.
Zomato so far has done quite right by its users, and that should keep most of them in the fold. Data breaches are now pretty much inevitable, so all that’s left is to respond to these incidents in the best fashion possible.