The data of 17 million accounts of India's biggest food discovery and delivery platform Zomato have been stolen. The information leaked has email addresses of users and encrypted passwords.
A report by HackRead suggests these accounts are being sold on the dark web for $1000 by a user named 'nlcay'.
The company announced in a blog post that the incident was discovered by its security team. It said since the passwords are encrypted, there is no way these accounts can be accessed. But Zomato has still advised users to change their passwords.
Zomato said there was no attempt to access the accounts or the company's database in an unauthorised way. It emphasised that there was no compromise in the payment or financial data of its
customers.
"We can also confirm that we have found no evidence whatsoever of any of Zomato's other systems or products being affected," Zomato said in an official statement, adding that its team is actively "scanning all possible breach vectors and closing any gaps in our environment".
Although the hashed password cannot be converted back to plain text, as a safety measure, Zomato has reset the passwords for all affected users and logged them out of the app and website.
The team has assured users that it will investigate the incident further and take steps to make its database more secure.
This incident has no relation to the recent WannaCry malware attack on over 200,000 computers across the world.