The stolen information contains user email addresses and 'hashed' passwords but no payment information or credit card data has been stolen/leaked, Zomato said in a blogpost on its website.
The startup's disclosure comes at a time when the world is grappling with the cyber attack by ransomware 'WannaCry', which has impacted IT networks in over 150 countries.
Zomato said the data theft was discovered recently by its security team, without indicating the exact time or if it was related to the 'WannaCry' ransomware attack.
Assuring its users that their credit card information on Zomato is fully secure, the company said "payment related information on Zomato is stored separately from this (stolen) data in a highly secure PCI Data Security Standard (DSS) compliant vault".
Also Read
As a precaution, Zomato said it has reset passwords for all affected users and logged them out of its app and website and all of the user accounts were secure.
Zomato said over 120 million users visit its site every month.
The company said it will be actively working to plug any more security gaps in its systems.
Disclaimer: No Business Standard Journalist was involved in creation of this content