India’s largest online restaurant guide, Zomato, boasts some 120 million users. If you live there, or have employees in India, you or they may have been impacted: the company has just reported that some 17 million of its users had their personal information compromised during a recent, large-scale data breach. The as-yet-unidentified hackers have made the stolen information available on the Dark Web.
According to the official company statement, user passwords were not among the data stolen, but the company appears to be downplaying the issue. If the hackers were to make use of the latest password-cracking technologies (and there’s no reason to think that they wouldn’t have access to them), even a long, 18-character password could be cracked in a matter of hours, regardless of the encryption the site uses.
The potential silver lining, though, is that credit card and other payment data is stored on a separate system, and was therefore not exposed during the breach. Even so, that still leaves user names, potentially user passwords and location data all available to the hackers and anyone who buys the data.
As with other large-scale data breaches like this, the biggest danger comes not from the theft of the data itself, but from the ripple effect. To this day, more than 50% of netizens use the same password across multiple web properties.
If you use the same password on Zomato as you use to log into your bank or credit card accounts, then you are at genuine risk of falling victim to rogue transactions or full-blown identity theft.
As ever, if you’re a user of the site, the first and best course of action is to change your password immediately, and to do the same for any other accounts that may use the same password.