June 20, 2018

Zomato's rotten security sees hackers make off with 6.6 million user passwords

19 May 2017, 12:30 | Ross Houston

Apparently, the Zomato hacker has agreed not to sell all the usernames and passwords he has managed to steal, in return for the company setting up a bug bounty program. According to information security blog and news website HackRead, the data was being peddled online on the "dark web" for about $1,000. "Your payment information is absolutely safe, and there's no need to panic," Zomato said.

Assuring its users that their credit card information on Zomato is fully secure, the company said "payment related information on Zomato is stored separately from this (stolen) data in a highly secure PCI Data Security Standard (DSS) compliant vault".

Zomato, which claims to have 120m monthly users, said that no financial information or other details were accessed by the hackers. Nonetheless, Zomato has asked all users to change their passwords on any other services where they used the same password.

"The hashed password cannot be converted/decrypted back to plain text - so the sanctity of password is intact in case users use the same password for other services", the blog post read. "We don't have passwords for these accounts - therefore, these users are at zero risk".

It reiterated that only five data points were exposed - user IDs, Names, Usernames, Email addresses, and Password Hashes with salt.

"It is a good thing to see that Zomato was following a good practice of hashing the passwords before storing it on their database, but saying 'The hashed password can not be converted/decrypted back to plain text' is misleading", Saket Modi, CEO and Co-founder of Delhi-based IT risk assessments provider Lucideus, told IANS.

MediaNama has written to Zomato to confirm whether it used the outdated MD5 algorithm, and whether it stored salt values on the same server as the passwords. "This has happened in the past", Modi informed. All the user accounts were secure, it stated.
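An added example, not from the original article or from Zomato, showing why a salted hash is guessable rather than "decryptable" and why the choice of algorithm matters. It assumes a legacy scheme of MD5(salt || password) with the salt stored beside the hash, which the page does not confirm; the word list, sample passwords and function names are constructed for illustration.

```python
import hashlib
import hmac
import os
import time

# Constructed sample data: not from the breach, and the page does not confirm
# which algorithm or salt layout Zomato used.
COMMON_PASSWORDS = ["123456", "password", "qwerty", "zomato123"]


def salted_md5(password: str, salt: bytes) -> str:
    """Assumed legacy scheme: MD5(salt || password), salt stored with the hash."""
    return hashlib.md5(salt + password.encode()).hexdigest()


def slow_hash(password: str, salt: bytes, iterations: int = 600_000) -> str:
    """Deliberately expensive alternative: PBKDF2-HMAC-SHA256."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations).hex()


def audit_record(salt: bytes, stored: str, hash_fn=salted_md5):
    """Return the common password matching a stored hash, or None.

    Nothing is decrypted: each candidate is hashed with the record's own
    salt and compared, which is all a leaked salt-plus-hash pair permits.
    """
    for candidate in COMMON_PASSWORDS:
        if hmac.compare_digest(hash_fn(candidate, salt), stored):
            return candidate
    return None


def seconds_per_guess(hash_fn, rounds: int) -> float:
    """Average wall-clock cost of one guess under hash_fn."""
    salt = os.urandom(16)
    start = time.perf_counter()
    for i in range(rounds):
        hash_fn(f"guess{i}", salt)
    return (time.perf_counter() - start) / rounds


if __name__ == "__main__":
    salt = os.urandom(16)
    print("weak password found:", audit_record(salt, salted_md5("qwerty", salt)))
    print("strong password found:", audit_record(salt, salted_md5("x9!Lq_v2#Rt0", salt)))
    fast = seconds_per_guess(salted_md5, 20_000)
    slow = seconds_per_guess(slow_hash, 3)
    print(f"PBKDF2 guess costs ~{slow / fast:,.0f}x a salted-MD5 guess")
```

The salt only stops one precomputed table from covering every account; the per-guess cost of the hash function is what limits how many candidates can be tried against each record.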

Hence, nearly all the hacked and hashed accounts were broken. Also, the identity of the hacker has been kept confidential. In addition, the firm claimed that 60% of its user base actually logs in via OAuth services, using Google and Facebook and the like - so their passwords are safe. He/she wanted us to acknowledge security vulnerabilities in our system and work with the ethical hacker community to plug the gaps. This isn't the first time, though: previously, an Indian hacker named Anand Prakash had hacked into the database to show the flaws, which Zomato acknowledged, taking measures to seal the loophole.
