Online restaurant guide and food ordering app Zomato will be reaching out to 6.6 million users, whose ‘hashed’ passwords could be “theoretically decrypted” in order to get them to update their account security.
The company had reported Thursday that about 17 million user records have been stolen from its database, which included user email addresses and ‘hashed’ passwords but no payment information or credit card data. “6.6 million users had password hashes in the ‘leaked’ data, which can be theoretically decrypted using brute force algorithms,” Zomato said in a blog post.
A hashed password is series of random-looking characters used by companies for security purpose to protect users.
The company will be reaching out to these users to get them to update their password on all platforms where they might have used the same password, the report added.
Zomato said it had contacted the hacker who had put up the stolen data for sale. The hacker apparently agreed to destroy all copies of the stolen data and remove it from the dark web marketplace.
The key demand of the hacker was to introduce a bug bounty programme on Hackerone for security researchers to which the startup has agreed, the report said.
“The hacker has been very cooperative with us. He/she wanted us to acknowledge security vulnerabilities in our system and work with the ethical hacker community to plug the gaps,” Zomato said.
The post Zomato to contact 6.6 crore hacked users to update their passwords appeared first on KnowStartup.