India’s largest food directory website, Zomato, faced a security breach on Thursday. The company’s security team raised the alarm as soon as they found the consequences of an incident that paved the way for unauthorized access. The hackers were able to access account information, which includes the names, email addresses and hashed passwords of over 17 million users.
In layman’s terms, there was a virtual robbery in Zomato’s account and all the payment data was stolen. The company, however, claims that there was no evidence that the hackers entered its vault holding financial and/or credit card information.
“When payment data is stolen, it becomes easier for hackers to get access to the credit and debit card details,” said Tarun Wig, co-founder of Innefu Labs, a research-oriented information security group. “More often than not, people use a single password for using their debit and credit cards for all online transactions. They are at a bigger risk.”
However, the actual consequences of this hack will come to light only after a few days. Meanwhile, cyber security experts say that the hacker might not only misuse the data but could also blackmail the users.
It remains to be seen whether Zomato will be liable to pay compensation to its users. “While it’s a little early to arrive at any conclusion as the incident has just occurred, there is a regulatory framework in India that makes companies accountable when there is a breach of personal information by the privacy rule notified under Section 43A of IT Amendment Act 2008, for failure to implement reasonable security practices,” said Vinayak Godse, senior director, Data Security Council of India, a Nasscom initiative.
Zomato officials are offering reassurance against any such speculation. “All payment information on Zomato is stored in a highly secure PCI Data Security Standard (DSS) compliant vault – no payment information or credit card data has been leaked,” read an email from a company spokesperson.
The team at Zomato says that they are looking for any possible gap and will act upon it instantly. “And though the hashed password cannot be converted back to plain text, as a safety measure, we have reset the passwords for all affected users and logged them out of the app and website,” the spokesperson at Zomato said.
All the users’ names and email addresses have been accessed and “the passwords are hashed and salted,” the spokesman added. Hashed passwords cannot be converted back to plain text.
Earlier, in 2013, when Target Corp was hacked, information on over 40 million credit cards was lost. Later, to settle the lawsuits with banks and credit unions, the company paid a whopping $39.4 million in compensation.