Indian Startup Zomato, Suffers 17m User Data Breach
Zomato, the Indian startup that acquired UrbanSpoon in 2015 has suffered a massive, but contained data breach. The company serves up restaurant reviews, menu data and reservation booking services for over one million restaurants, including the US.
According to this report, the data breach was usernames and passwords. The compromised data did not include critical payment information. They went on to say that the stolen passwords were encrypted and could not be un-encrypted outside of their data systems. At the same time, they warned customers that use their Zomato password combination for other services, to change those passwords as well. They also logged out all affected users and prompted a password change as they signed back on.
The company was also careful to say that the data was not hacked or stolen but compromised. They believe that the error was internal in nature.
“So far, it looks like an internal (human) security breach – some employee’s development account got compromised,” the company said in a blog post, without providing further details. It didn’t immediately respond to a request for more information.
They went onto say that they were working to improve security and that they would be “actively working to plug any more security gaps that we find in our systems” in the coming days and weeks.
Zomato was founded in 2008 and grew to become the largest restaurant app in the world. Their app is available in Asia, Europe, South America, Australia and the US. TechCrunch reported that Zomato acquired UrbanSpoon in 2015 for around $50 million dollars.