Indian Restaurant discovery and food delivery startup Zomato which got hacked ‘settled’ with hacker

  • Zomato had suffered a security breach with over 17 million user records stolen from the food-tech company’s database.
  • The stolen information has email addresses and hashed passwords of customers.
  • According to, a user by the name of “nclay” claimed to have hacked Zomato and was willing to sell data pertaining to 17 million registered users on a popular Dark Web marketplace.
  • This included emails and password hashes of registered Zomato users with the price set for the whole package at $1,001.43 (BTC 0.5587) – BTC here stands for Bitcoins.
  • According to company no payment information or credit card data has been stolen, the company said in a note released to the press. ‘In our security investigation, we have found no evidence of unauthorized access to financial information,’ it states. ‘Payment related information on Zomato is stored separately from this (stolen) data in a highly secure PCI Data Security Standard (DSS) compliant vault,’ it further added.
  • Following the massive data breach of sensitive records of 17 million users, Zomato is reportedly negotiated and settled with the hacker to plug the gaps in its security system and ethical hacker has agreed to delete the records and have been taken off from a dark web marketplace.
  • According to Zomato’s blogpost, the company will be introducing a bug bounty program on Hackerone on request of the hacker to boost its security.

Leave a Reply