Its sad, but someone, somewhere on the Dark Web will now be privy to all your eating habits, or at least the one that Zomato knows about.
For the uninitiated, Zomato is an Indian food start-up that started in 2008. The search engine for food, restaurant and online delivery portal, thats now has an app as well, has almost 12 million customers every month. Zomato is not only a popular guide to eateries across India, but in 22 other countries as well. For millennials, Zomato is almost as essential as the Yellow pages were back in the day.
But, coming back to the topic, Zomato has now been hacked and the data of close to 17 million users have been stolen, and put out on sale on the Dark Web. First reported by HackRead late on Wednesday night (May 17), the report suggested that an online handle nclay claimed to have hacked Zomato and was selling the stolen data (of 17 million registered users) on a Dark Web marketplace.
Wait. What is the Dark Web?
The Surface Web is anything that a search engine can find, while the Deep Web is anything that a search engine cant find. The Dark Web is a small portion of the Deep Web that has been intentionally hidden and is inaccessible through standard web browsers.
The most famous content that resides on the Dark Web is found in the TOR (The Onion Router) network. The TOR network is an anonymous network that can only be accessed with a special web browser, called the TOR browser. This is the portion of the Internet most widely known for illicit activities because of the anonymity associated with the TOR network.
Back to Zomato
The database includes emails and "hashed" password of registered Zomato users, and is being sold for 0.5587 Bitcoin (almost Rs 65,000). The vendor nclay also provided a sample of the data to prove his claim.
On May 18, Zomatos CTO Gunjan Patidar published a blog post acknowledging the hack. Trying to avoid panic and setting facts straight, Patidar says, The hashed password cannot be converted back to plain text so the sanctity of your password is intact in case you use the same password for other services.
But he also cautioned users to change their passwords in any case and to change the passwords for other services, just in case they happen to be the same. This is so because, while they are difficult to crack, it is never prudent to assume complete faith in the abilities of hackers.
This is kind of why everyone should have different (and complex) passwords for different accounts and everyone should use a password manager to keep track of stuff. Seriously, its not that difficult a thing to do.
More importantly, and to the relief of millions of customers, Zomato has assured that payment related information on the site which is stored separately in a highly secure PCI Data Security Standard (DSS) compliant vault has not been leaked. So, your bank details and credit card details on Zomato are safe. Whew!
Continuing with the assurances, Patidar said, Over the next couple of days and weeks, well be actively working to plug any more security gaps that we find in our systems. Well be further enhancing security measures for all user information stored within our database, [and] a layer of authorisation will be added for internal teams having access to this data to avoid the possibility of any human breach.
Of course, despite the assurances from the company, it is a little difficult to maintain calm. In a company thats as huge as Zomato, a hack of this size is pretty worrisome. In fact, this is not the first time something like this has happened to the food start-up. In 2015, an ethical hacker, Anand Prakash who has also helped discover security bugs on Facebook and Uber managed to breach Zomato'sdatabase and managed to highlight a critical flaw in its data recall system. The white hat hacker later reported the details of the security flaws to Zomato.
We should be concerned
Hacks and cyber attacks, in an age when we are becoming increasingly more dependent on the internet, is a big problem. While it is, without a doubt, a companys responsibility to safeguard user data, the users themselves cannot simply wash their hands off any responsibility. The fact is, your data is only as safe as you choose for it to be.
In an increasingly more data-vulnerable world, it is always prudent to keep your passwords different, complex and keep changing them periodically. It is also up to you, as a consumer to choose security over convenience. Yes, it is easy to save information related to your banking/debit card or credit card details on vendor websites/apps. It saves you the pain of having to input it every time you use the given service. But isnt security a bigger worry than having to type in a 16-digit number?
The Zomato breach may not have been a harmful one or so it seems as of now but this is neither the first major hack we have witnessed in this country in the last few months, nor is this going to be the last. Both companies and users really need to get their security priorities in place.
Also read -India highly unsafe from global ransomware cyber attack: Here's what you need to do
Continue reading here:
A hack has put data of 17 million Zomato users at risk: Should India be worried? - DailyO
- 3 ways to browse the web anonymously - We Live Security - January 27th, 2020
- What is a Bitcoin mixer and how does it work? - CryptoTicker - January 27th, 2020
- Digital surveillance threats for 2020 - The Star, Kenya - January 18th, 2020
- Teejayx6 Will Steal Your Identityand Rap About It - WIRED - December 2nd, 2019
- Such as the struggle of the Venezuelan economy, some residents turn to a lucrative gig: Cybercrime - Herald Journalism 24 - December 2nd, 2019
- Smart users guide to the snooping game - Livemint - November 17th, 2019
- Privacy on your smartphone: how to protect your data - AndroidPIT - November 17th, 2019
- BBC News heads to the dark web with new Tor mirror - The Verge - October 27th, 2019
- The Tor Project releases Tor Browser 9.0 with several UX improvements - Neowin - October 27th, 2019
- Fraudulent Tor Browser Spies and Has Been Stealing The Bitcoins - GoodTime Nation - October 27th, 2019
- OnionShare Lets Anyone Host Anonymous Sites on the Dark Web - BleepingComputer - October 16th, 2019
- #SecTorCa: Millions of Phones Leaking Information Via Tor - Infosecurity Magazine - October 16th, 2019
- Is there anything we can do to stop someone spying on us? - Newstalk 106-108 fm - August 25th, 2017
- If you're really concerned about browser security, Incognito isn't enough - TechRepublic - August 20th, 2017
- The Daily Stormer has lost its lease, accessible only via Tor browser - The Moderate Voice - August 20th, 2017
- Tor Project 'disgusted' by Daily Stormer, defends software ethos - CNET - August 18th, 2017
- Neo-Nazi site Daily Stormer resurfaces with Russian domain following Google and GoDaddy bans - Vox - August 16th, 2017
- Tor Browser 7.0.4 Download - TechSpot - August 14th, 2017
- Debian-Based Tails 3.1 Anonymous OS Debuts with Tor Browser 7.0.4, Linux 4.9.30 - LXer (press release) - August 11th, 2017
- Tails 3.1 has been released but you'll need to do a manual upgrade - Neowin - August 10th, 2017
- China and Russia go further in squelching Internet freedom - Washington Post - August 10th, 2017
- The FBI Booby-Trapped a Video to Catch a Suspected Tor ... - Motherboard - August 9th, 2017
- Major Improvements Are Coming Soon to the Tor Browser - The Merkle - August 8th, 2017
- The Attack on Global Privacy Leaves Few Places To Turn - WIRED - August 4th, 2017
- Tor Co-Founder: There Is No Dark Web The Merkle - The Merkle - August 3rd, 2017
- Online privacy protection - Choice - CHOICE - August 2nd, 2017
- There Is Basically No Dark Web. It's Only A Few Webpages TOR Co-founder - Fossbytes - July 31st, 2017
- How to Install Tor Browser for Mac and Protect Your Online Activity - iDrop News - July 29th, 2017
- How to get around an ISP blocking a website - MyBroadband - July 26th, 2017
- Don't blame online anonymity for dark web drug deals. - Slate Magazine (blog) - July 26th, 2017
- Tor network will pay you to hack it through new bug bounty program ... - ZDNet - July 21st, 2017
- Tor Project to launch public bug bounty project - CIO Dive - July 21st, 2017
- How to access the dark web - The Daily Dot - July 20th, 2017
- Your Mailman Is a Drug Dealer. He Just Doesn't Know It. - WNYC - July 20th, 2017
- Want porn? Prove your age (or get a VPN) Naked Security - Naked Security - July 20th, 2017
- Suspected AlphaBay founder dies in Bangkok jail after shutdown of online black market - Washington Post - July 19th, 2017
- S. Sudan blocks Sudan Tribune website over hostile coverage - Sudan Tribune - July 19th, 2017
- Assassins and child porn; a darknet offers everything - The Slovak Spectator - July 19th, 2017
- Apple users warned of dangerous new Mac malware that steals banking credentials - ThaiVisa News - July 18th, 2017
- The best security apps to lock down your Android phone - The Daily Dot - July 14th, 2017
- Mozilla is held to a higher standard - Ghacks Technology News - July 14th, 2017
- Privacy blunder? Firefox's Get Add-ons page uses Google Analytics - Ghacks Technology News - July 13th, 2017
- Russia, China vow to kill off VPNs, Tor browser - The Register - July 11th, 2017
- How to safely search the deep web - The Age - The Age - July 11th, 2017
- ACLU's Gillmor on privacy: 'We pay for what we value' (Q&A) - The Parallax (blog) - July 10th, 2017
- What is Tor browser, and is it safe? | Komando.com - July 7th, 2017
- Darknet 101: Your guide to the badlands of the internet - CNET - CNET - July 5th, 2017
- In Reporting on North Korea, Tech Helps Break Through Secrecy - New York Times - July 5th, 2017
- How to safely search the deep web - The Sydney Morning Herald - July 5th, 2017
- TOR Browser - darkwebnews.com - July 5th, 2017
- How To Search The Deep Web Safely - Gizmodo Australia - July 5th, 2017
- Burleson man convicted of accessing child porn from dark website - Fort Worth Star Telegram - July 4th, 2017
- Here Brazilian Journalists Learn Privacy for Themselves and Their Sources - Brazzil.com - June 30th, 2017
- Purism aims to push privacy-centric laptops, tablets and phones to market - Computerworld - June 29th, 2017
- Brazilian site teaches journalists how to protect sources and personal data from digital attacks - Knight Center for Journalism in the Americas (blog) - June 29th, 2017
- The best ways to make your search private in 2017 - KnowTechie - June 28th, 2017
- Bill regulating online anonymizers unanimously passes first ruling in Russian Duma - Washington Times - June 24th, 2017
- The Burger King Ad That Activated Google Home Just Won A Prestigious Award - XDA Developers (blog) - June 24th, 2017
- Mozilla's new Android browser blocks ads and trackers - Boing Boing - June 22nd, 2017
- Secure OS Tails 3.0 Launches With Debian 9 Base, Redesigned ... - Tom's Hardware - June 15th, 2017
- Tails OS hits version 3.0, matches Debian's pace but bins 32-bit systems - The Register - June 14th, 2017
- Tor Browser 7.0 is released | The Tor Blog - June 10th, 2017
- Tor Browser 7.0 works harder to protect your anonymity on its own - Engadget - June 10th, 2017
- Tor Browser 7.0 released - gHacks Tech News - Ghacks Technology News - June 8th, 2017
- Tor Browser 7.0 arrives with multiprocess mode, content sandbox, and Unix domain sockets - VentureBeat - June 7th, 2017
- Wikipedians Want to Put Wikipedia on the Dark Web - Motherboard - June 7th, 2017
- What The Dark Web Is And How To Access It - Komando - June 3rd, 2017
- What is Deep Web and How is it Different from Dark Web - Guiding Tech (blog) - June 1st, 2017
- If You Think WannaCry is Huge, Wait for EternalRocks - Data Center Knowledge - June 1st, 2017
- DOJ, FBI Executives Approved Running a Child Porn Site - Motherboard - May 30th, 2017
- What is Tor, How It Works And Where to Download the Tor Browser? Everything You Need To Know - MobiPicker - May 30th, 2017
- WannaCry 2.0: EternalRocks author calls it quits - TheINQUIRER - The INQUIRER - May 28th, 2017
- Data For Sale: What Everyday Consumers Can Do To Keep Their Info Safe - Forbes - May 26th, 2017
- Fearing surveillance in the age of Trump, activists study up on digital anonymity - Washington Post - May 26th, 2017
- EternalRocks Attack Spreads While Using Same Exploit As WannaCry Ransomware - Yahoo News UK - May 23rd, 2017
- Tor browser for Android that is better than Orfox is in the works - Android Kenya (blog) - May 23rd, 2017
- Organizations Can Combat WannaCry & Jaff Ransomware With Well Instrumented DNS - Techzone360 - May 23rd, 2017
- This Spy App Can See If You've Visited Whistleblowing Sites on the Dark Web - Motherboard - May 20th, 2017
- Why Nigerian CIOs should care about the dark web - ITWeb Africa - May 20th, 2017
- New Jaff Ransomware Part Of Active Necurs Spam Blitz - Threatpost - May 13th, 2017