Here is an excerpt from the blog post, written by Zomato CTO Gunjan Patidar:
“The reason you’re reading this blog post is because of a recent discovery by our security team – about 17 million user records from our database were stolen. The stolen information has user email addresses and hashed passwords.
The hashed password cannot be converted/decrypted back to plain text – so the sanctity of your password is intact in case you use the same password for other services. But if you are paranoid about security like us, we encourage you to change your password for any other services where you are using the same password.
Payment-related information on Zomato is stored separately from this (stolen) data in a highly secure PCI Data Security Standard (DSS)-compliant vault. No payment information or credit card data has been stolen/leaked.
As a precaution, we have reset the passwords for all affected users and logged them out of the app and website. Our team is actively scanning all possible breach vectors and closing any gaps in our environment. So far, it looks like an internal (human) security breach – some employee’s development account got compromised.”
The blog post also went on to detail how Zomato plans to cope with the crisis. “Over the next couple of days and weeks, we’ll be actively working to plug any more security gaps that we find in our systems. We’ll be further enhancing security measures for all user information stored within our database. A layer of authorisation will be added for internal teams having access to this data to avoid the possibility of any human breach,” detailed Patidar.