Zomato, the restaurant app, disclosed Thursday (May 18) that around 17 million users’ information has been stolen in a data breach.
According to a report in CNN, the hackers took off with the email addresses and encrypted passwords from a Zomato data base. The app covers more than one million restaurants across 24 countries and competes with Yelp. Zomato said no payment information or credit card data was taken in the data breach.
“So far, it looks like an internal (human) security breach — some employee’s development account got compromised,” the company said in a blog post, without providing further details, reported CNN. The company said the theft was a recent discovery and that it is “actively working to plug any more security gaps that we find in our systems.”
Zomato noted that security measures it has in place prevents stolen passwords from being converted back into text. It did urge users to change their passwords if they use the same password elsewhere. Customers who were affected were logged out of the app by Zomato, and their passwords were reset, noted the report.
The disclosure from Zomato comes as the world is on edge after the WannaCry virus wreaked havoc on computers around the globe this past weekend. As has been widely reported, a massive attack hit everything from the United Kingdom’s National Health Service, European automakers and Chinese firms and any number of companies across other verticals, winnowing its way through disparate countries into Saturday. Interpol had estimated over the weekend that more than 100,000 organizations across 150 nations had been hit by the attack, as reported by The Associated Press.
Reuters and others reported that the ransomware infections that hit computers worldwide likely trace their genesis to the U.S. National Security Agency, and Friday’s tally comes to more than 126,000 cases of infection. The malware that was sent had been hidden in any number of attachments in emails that had seemed legitimate, from files that spoofed invoices to job offers and other communications. The demands came in from $300 to $600 to give users back access to their machines.