July 27, 2017

Zomato's rotten security sees hackers make off with 6.6 million user passwords

19 May 2017, 12:30 | Ross Houston

Apparently, the Zomato hacker has agreed not to sell the usernames and passwords he managed to steal, in return for the company setting up a bug bounty program. According to information security blog and news website HackRead, the data was being peddled online on the "dark web" for about $1,000. "Your payment information is absolutely safe, and there's no need to panic", Zomato said.

Assuring its users that their credit card information on Zomato is fully secure, the company said "payment related information on Zomato is stored separately from this (stolen) data in a highly secure PCI Data Security Standard (DSS) compliant vault".

Zomato, which claims to have 120m monthly users, said that no financial information or other details were accessed by the hackers. Nonetheless, Zomato has asked all users to change their passwords on any other services where they used the same password.

"The hashed password cannot be converted/decrypted back to plain text - so the sanctity of password is intact in case users use the same password for other services", the blog post read. "We don't have passwords for these accounts - therefore, these users are at zero risk".

It reiterated that only five data points were exposed: user IDs, names, usernames, email addresses, and salted password hashes.

"It is a good thing to see that Zomato was following a good practice of hashing the passwords before storing them in their database, but saying 'The hashed password can not be converted/decrypted back to plain text' is misleading", Saket Modi, CEO and Co-founder of Delhi-based IT risk assessments provider Lucideus, told IANS.

MediaNama has written to Zomato to confirm whether it used the outdated MD5 algorithm, and whether it stored salt values on the same server as the password hashes. "This has happened in the past", Modi informed. Zomato, for its part, stated that all user accounts were secure.

As a result, nearly all the hacked and hashed accounts were broken. The identity of the hacker has been kept confidential; Zomato said the hacker wanted it to acknowledge security vulnerabilities in its system and work with the ethical hacker community to plug the gaps. In addition, the firm claimed that 60% of its user base logs in via OAuth services such as Google and Facebook, so their passwords are safe. This isn't the first such incident: an Indian hacker named Anand Prakash had previously broken into the database to demonstrate its flaws, which Zomato acknowledged before taking measures to seal the loophole.
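An added demonstration of why Modi's objection holds (example code written for this page, not from the article, Zomato or Lucideus): a stored salt only defeats precomputed tables, so a leaked salted MD5 hash still falls to per-user guessing over a candidate list, and the real mitigation is a deliberately slow password hash such as PBKDF2. The candidate list, salt and user password below are constructed for the example.

```python
import hashlib
import hmac
import os
import time

# Constructed candidate list for the demonstration; not taken from any real leak.
COMMON_PASSWORDS = ["123456", "password", "qwerty", "letmein", "welcome1", "zomato123"]

def md5_salted(password: str, salt: bytes) -> str:
    """The legacy scheme the article asks about: one MD5 over salt + password."""
    return hashlib.md5(salt + password.encode()).hexdigest()

def pbkdf2_salted(password: str, salt: bytes, iterations: int = 100_000) -> str:
    """Mitigation: a deliberately slow password hash (PBKDF2-HMAC-SHA256)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations).hex()

def check_candidates(stored_hex: str, salt: bytes, hasher, candidates):
    """Apply the login-time comparison to each candidate in turn.

    Anyone holding a leaked (hash, salt) pair can do this offline, so the salt
    buys nothing against per-user guessing; only the cost of each `hasher` call
    limits how many of 6.6 million hashes can be worked through.
    Returns (matched_password_or_None, number_of_hashes_computed).
    """
    for n, cand in enumerate(candidates, 1):
        if hmac.compare_digest(hasher(cand, salt), stored_hex):
            return cand, n
    return None, len(candidates)

def seconds_per_guess(hasher, salt: bytes, rounds: int) -> float:
    """Average wall-clock cost of one hash computation under `hasher`."""
    start = time.perf_counter()
    for _ in range(rounds):
        hasher("benchmark-only", salt)
    return (time.perf_counter() - start) / rounds

def demo() -> dict:
    salt = os.urandom(16)                       # stored next to the hash, as in the leak
    weak = "welcome1"                           # constructed user password
    md5_found, md5_tries = check_candidates(md5_salted(weak, salt), salt, md5_salted, COMMON_PASSWORDS)
    kdf_found, kdf_tries = check_candidates(pbkdf2_salted(weak, salt), salt, pbkdf2_salted, COMMON_PASSWORDS)
    # Both schemes yield the same weak password after the same number of guesses;
    # the difference is that each PBKDF2 guess costs tens of thousands of MD5 guesses.
    slowdown = seconds_per_guess(pbkdf2_salted, salt, 5) / seconds_per_guess(md5_salted, salt, 2000)
    return {"md5": (md5_found, md5_tries), "pbkdf2": (kdf_found, kdf_tries),
            "pbkdf2_cost_factor": round(slowdown)}

if __name__ == "__main__":
    print(demo())
```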
