Hacker Steals 17 Million Zomato Users' Data, Briefly Puts It On Dark Web

Waqas reports via Hack Read: Recently, HackRead found out a vendor going by the online handle of âoenclayâ is claiming to have hacked Zomato and selling the data of its 17 million registered users on a popular Dark Web marketplace. The database includes emails and password hashes of registered Zomato users while the price set for the whole package is USD 1,001.43 (BTC 0.5587). The vendor also shared a trove of sample data to prove that the data is legit. Here's a screenshot of the sample data publicly shared by "nclay." Upon testing the sample data on Zomato.com's login page, it was discovered that each and every account mentioned in the list exists on Zomato. Although Zomato didn't reply to our email but in their latest blog post the company has acknowledged the breach. Here's a full preview of the blog post published by Zomato 7hours ago: "Over 120 million users visit Zomato every month. What binds all of these varied individuals is the desire to enjoy the best a city has to offer, in terms of food. When Zomato users trust us with their personal information, they naturally expect the information to be safeguarded. And that's something we do diligently, without fail. We take cyber security very seriously -- if you've been a regular at Zomato for years, you'd agree."

What the fuck is zomato?

[Anonymous Coward]

What the fuck is zomato?

It's a blob of restaurant review sites that it's

[waspleg]

basically trying to ape Yelp. I had never heard of it either until they bought the excellent Urbanspoon and it ceased to exist with a massive drop in quality in the Zomato husk which remained.

They would have menus/reviews from locals/restaurants by locale and known names. It has some of those things still just very poorly done compared to what I loved about Urbanspoon. I'm assuming they bought out other competitors as well to make this shitty Yelp wannabe.

Re:It's a blob of restaurant review sites that it'

[DontBeAMoran]

What the fuck is Yelp?

Re:

[Anonymous Coward]

It's like zomato.

Re:

[The123king]

It's like TripAdvisor, but crapper.

Re:

[pushing-robot]

Imagine if the Michelin Guides were written by the Mafia instead of snobbish Frenchmen.

Re:It's a blob of restaurant review sites that it'

[DontBeAMoran]

Michelin guides? Who needs a fucking guide to buy tires?

Re:

[Anonymous Coward]

Little-known fact: when Michelin started selling tires, they needed a way to encourage drivers to wear theirs out driving around to various restaurants. Hence the "Michelin guide."

Re:

[tlhIngan]

Michelin guides? Who needs a fucking guide to buy tires?

Well, Michelin created the guides to top restaurants so the French would go on road trips and thus wear out their Michelins a lot faster (and buy more tires).

That's the original reason why the Michelin guides exist Not unlike the reason why the Guinness Book of World Records exists (people would bet pints of Guinness over who did what).

Re:

[AmiMoJo]

Zamato is kind of useful. Their goal is to "help you enjoy the best food that a city has to offer", which they do by warning you which restaurants are popular with the loud mouth, selfie snap-happy tourists so you can avoid them.

Re:

[rogoshen1]

It's a utensil lacking in privilege. You're probably CIS white male, aren't you?

Re:

[Dutch Gun]

Each week I seem to learn about a helpful new online service or two thanks to their massive user data breach. Thanks Slashdot! Even better, I get a taste of the corporate-level bullshit they spout. This is a grade-a prime, four star example:

"Over 120 million users visit Zomato every month. What binds all of these varied individuals is the desire to enjoy the best a city has to offer, in terms of food. When Zomato users trust us with their personal information, they naturally expect the information to be safeguarded. And that's something we do diligently, without fail. We take cyber security very seriously -- if you've been a regular at Zomato for years, you'd agree."

If this is security "without fail", I'm thinking maybe they don't have a clear grasp on what "fail" means. Because if you've been a regular at Zomato for years, your personal data is now out there flapping in the breeze.

You say Zamato

[rsilvergun]

I say massive data breach. Let's call the whole thing off.

And nothing if value was lost

[Anonymous Coward]

"Pay us 10 bitcoin or we tell everyone you like the rigatoni at Alfredo's."

Can I just sell my credentials directly?

[Anonymous Coward]

With all these breaches it seems like it would be easier for me to just sell my credentials directly and cut out the brokerage fee.

Under the handle of âoenclayâ

[SeaFox]

Okay, I give up. What was his alias really?

SPLAT!

[The123king]

Looks like Zomato is going to become Zetchup.

Oh Urbanspoon I miss you

[kalpol]

Urbanspoon was pretty useful in new cities, to see what was around. Then Zomato came along, and things really sucked (it's funny that I can't remember now why it started to suck, because I got angry and deleted the app so quickly - i think the results changed to favor partners and it was a lot harder to search by genre, also maybe they required an account). I'm more surprised Zomato had 17 million users.