Around 17 million users of the popular restaurant search platform Zomato have had their login credentials stolen by hackers and put on the dark web to be sold to criminals.
Zomato’s CTO, Gunjan Patidar, claims that User IDS, Names, Usernames, Email Addresses, and Password hashes with salt are among the information stolen in the breach.
All passwords were reset and users were required to log back into the platform following the event.
This breach was a case of a hacker wanting to scare the organization into working on their security posture by showing them what kind of vulnerabilities exist and how someone with worse intentions could do a lot of damage to their customer base.
“The hacker has been very cooperative with us. He/she wanted us to acknowledge security vulnerabilities in our system and work with the ethical hacker community to plug the gaps. His/her key request was that we run a healthy bug bounty program for security researchers,” said Patidar.
The hacker has since removed the data from the dark web and Zomato claims “the hacker has agreed to destroy all copies of the data.”
This situation is not the case for most organizations, leaving many without any warning left to scramble and conduct damage control. To avoid this situation organizations need to implement tools like NNT’s System Hardening & Vulnerability Management solution to expose known security vulnerabilities using a wide range of CIS Benchmark hardening reports and eliminate or mitigate them before any harm can be done.
Read this article on InfoSecurity Magazine