Online restaurant discovery and food ordering company Zomato on Thursday said about 17 million user records from its database were stolen.
"This means your password can not be easily converted back to plain text", the company said-an updated version of an original post that said the passwords "cannot be converted/decrypted back to plain text".
There is a clear possibility that they will be converting the hashed password into the original ones, as the rehashing process can easily convert back the hashed passwords into plain data.
The companies have also mentioned that no payment information regarding Credit Card and Debit Card has been stolen or hacked as they told in PCI Data Security Standards (DSS). The passwords were already hashed as a security precaution, meaning that they were stored as a random string of characters with no relation, more or less, to users' real passwords. Your credit card information on Zomato is fully secure, so there's nothing to worry about there. HackRead reported that the same dark web marketplace also has vendors selling around 100 million accounts from Chinese video service Youku, millions of Gmail and Yahoo accounts and millions of Bitcoin forums data, among other data sets. When Zomato users trust us with their personal information, they naturally expect the information to be safeguarded. The company, which has expanded to 23 countries since then, boasts of over 120 million monthly users. The information leaked has email addresses of users and encrypted passwords.More news: US House backs new sanctions against North Korea
Though the password is secured as per the Food-tech company, it encourages the customer to change the same passwords over other online services to avoid security risk. The company does not seem sure of how the breach happened. So far, it looks like an internal (human) security breach - some employee's development account got compromised.
The foodtech giant also claims that the team will be working to "plug any more security gaps" and enhancing security measures for all user information stored within their database.
The latest cyber attack comes at a time when experts are warning that more ransomware and malware have been unleashed after cyber criminals brought down computers across the world last weekend.