Top Section
Explore Business Standard
Don’t miss the latest developments in business and finance.
The marketplace link, which was being used to sell data, is no longer available, according to Zomato
After details of over 17 million users was stolen and sold online, restaurants discovery and food ordering service Zomato has vowed to beef up security measures, including adding a layer of authentication for its own employees to access user data.The company in a blog post claimed that the leak appeared to be an internal (human) security breach with an employee's development account getting compromised. However, cyber security experts pointed out that techniques used by Zomato to hide customer data from unwanted elements to hack like this was clearly lacking.Sajal Thomas, a cyber security consultant with PwC, claimed on Twitter that he verified the sample data being sold on the dark web and found that Zomato had used MD5 to hash passwords. MD5 is neither encryption or encoding, and is known to be easily cracked by attacks and suffers from major vulnerabilities.Further, he stated that Zomato had not used salting, a technique where random data is used as additional input to make ...
Records of 17 mn users up for sale on the Dark Web; Zomato says users' payment info still secure