India's largest online restaurant discovery and food delivery service Zomato has admitted to a massive security breach with over 17 million user accounts stolen from its database.
The stolen information includes user email addresses and hashed passwords. The company, however, noted that no payment information or credit card data has been compromised in this leak.
Passwords have been reset
While Zomato has said that all payment data is stored separately and that no payment information or credit card data has been stolen, it added that "as a precaution, we have reset the passwords for all affected users and logged them out of the app and website."
"Our team is actively scanning all possible breach vectors and closing any gaps in our environment. So far, it looks like an internal (human) security breach - some employee’s development account got compromised," Zomato CTO Gunjan Patidar said in an official blog post.
Hacking plot of 2015
Notably, this isn't Zomato's first brush with a cyber-attack. Two years ago, a white hat hacker named Anand Prakash claimed to have hacked the app and reported it to highlight the flaw in Zomato’s online security.
This time, however, it doesn't appear to be a case of ethical hacking as the stolen usernames and passwords are being sold online.
Zomato says, "Over the next couple of days, we’ll be actively working to improve our security systems - we’ll be further enhancing security measures for all user information stored within our database, and will also add a layer of authorization for internal teams having access to this data to avoid any human breach."
The case once again reignites the debate around online startups taking users' security for granted.