Popular restaurant search service Zomato has announced on its official blog that nearly 17 million customer email addresses and hashed passwords have been stolen in a recent hack. The company, which claims to have 120 million active users each month, has however asserted that financial information and other personal details remain safe (via VentureBeat).
Zomato says that the passwords should be safe because that they were hashed, meaning they are essentially a random string of characters that bear no relation to the actual password they conceal. Although the company says it has automatically reset passwords on the affected accounts, users should still change their passwords on any other online accounts that use the same password and email address combination.
“We hash passwords with a one-way hashing algorithm, with multiple hashing iterations and individual salt per password,” explained Zomato’s chief technologist, Gunja Patidar, in a blog post. “This means your password cannot be easily converted back to plain text. We however, strongly advise you to change your password for any other services where you are using the same password.”
The company hasn’t given a definitive reason for this data breach but said that it appears to have been an “internal human security breach” in which an employee’s development account was compromised.
This latest breach follows a string of high-profile security breaches, including the recent Bell Canada hack which compromised over 1.9 million active email addresses, and thousands of customer names and active phone numbers.