With the rise of "ransomware" and digital crime, another prominent and frequently visited website has confirmed a breach. The restaurant search and review website Zomato recently published a blog post disclosing a breach of its servers, which has resulted in over 17 million accounts being compromised. The company said that it does not yet know how the hackers were able to penetrate its security, but that it already has a plan of action.
Compromised accounts
In Zomato's blog post, the company revealed that the 17 million user records that were stolen contained data such as email addresses and their accompanying hashed passwords.
The passwords were protected by multiple hashing iterations, which means that hackers will have a difficult time converting them back to plain text. However, the company notes that there are still several methods to crack the hashing, including brute-force algorithms.
Security Advisory
For this reason, the company has urged users to change the passwords of any other accounts that use the same email and password combination. It is quite common for users to reuse the same email and password combination for different accounts on social media and other websites. Hackers could just as easily try out these combinations on different websites to get full access to users' accounts.
Dealing with the problem
According to Zomato, the hacker or group of hackers that breached their security has apparently contacted them. The interaction has reportedly been "positive" for the most part. The hackers have apparently advised the company to launch a Bug Bounty Program with the ethical hacker community in order to fix their vulnerabilities.
In exchange, the hackers have promised to delete all copies of the stolen data and remove it from deep web marketplaces. The data was at one time put up for sale, but that link has now been removed.
In response to the hack, the company has promised to start a bug bounty program on HackerOne in the coming months. Fortunately, the hackers behind the breach may have simply wanted to teach the website a lesson about putting a better security system in place, and to make legitimate money by exposing the gaps to the company and forcing a response. However, it is still advisable for Zomato users to change their passwords in the likely event that someone else has gotten hold of the data.