Dark Web dealer selling 17 million accounts from popular restaurant listing site
Zomato, the popular restaurant and event listing service, has reportedly been hacked and 17 million accounts have been found listed on the dark web for sale. The data on sale includes emails and hashed passwords of Zomato users.
A dark web vendor going by the pseudonym “nclay” has reportedly claimed responsibility for the hack. HackRead reported that the vendor publicly shared a sample of the trove of stolen data. HackRead stated that a test of the sample data showed that every account mentioned on the list existed on Zomato and that the data came from registered Zomato users.
Zomato is yet to comment on the matter. The firm, which was founded in 2008 by Indian entrepreneurs Deepinder Goyal and Pankaj Chaddah, reportedly has over 90 million visitors every month and its app is considered to be highly popular in India. Alexa ratings show that it is among the top 155 most visited websites in India.
The service also has a prominent presence globally and is popular in Australia, the Middle East and some eastern European and South American countries, among others.
The undisclosed dark web marketplace where Zomato users’ accounts are currently up for sale is also home to numerous other such stolen databases. HackRead reported that the same dark web marketplace also has vendors selling around 100 million accounts from Chinese video service Youku, millions of Gmail and Yahoo accounts and millions of Bitcoin forums data, among other data sets.
Zomato has been hacked before by an Indian white hat hacker Anand Prakash, who found a critical security flaw and reported it to the firm. Zomato also has a bug bounty programme but unlike other firms, it does not hand out cash rewards. Instead, hackers receive Hall of Fame recognition or a certificate of acknowledgement.
As a precautionary measure, it is advisable that users reset their account passwords.
IBTimes UK has reached out to Zomato for further clarity on the matter but have not had response yet.