No love lost: Zomato business unaffected by May data breach
Though a restaurant platform designed to consolidate restaurant reviews and facilitate online ordering didn’t sound like a prime target for a hack, they confirmed the breach on their blog on May 18. Zomato’s customer databases were hacked and the perpetrator accessed emails, names and hashed passwords for 17 million accounts. Though luckily payment information was not compromised.
Reportedly, the company was able to negotiate with the unnamed hacker to prevent misuse of the information, which was going to be sold on a dark web marketplace. The hacker was said to embrace ethical hacking standards and accepted to take down and destroy the data in exchange for Zomato’s sponsorship of a bug bounty program on Hackerone.
The breach involved at least 6.6 million email and password hash combinations. Password hashes are vulnerable to brute-force attacks that can potentially reveal the passwords. When considering that people tend to use the same password across many online services, data breaches can be devastating for affected users.
While Zomato has taken steps to fix the vulnerability that enabled the hacker to access their system, the problem has deeper roots. “Password-secured security solutions have quickly become outdated, leaving millions of businesses vulnerable to breaches”, said Leonardo Cooper, CEO of cyber security company Vault One. As new no-password technologies such as blockchain become the standard, security is expected to increase in both business and private environments.
Nonetheless, Zomato continues to attract attention in the ultra competitive foodtech sector. Since last year it has made great improvement toward profitability as it is getting more visitors and orders, decreasing cash burning, and surviving many other startups—all while staying away from new funding.
Even the most loved startups face setbacks they must overcome, and Zomato is no exception. While the shadow of a data leak remains a dark spot on their history, their sustained deliveries and will to survive show that users will forgive your sins—as long as you have a great product.