From the last few years, dark web is getting popular for selling illegal stuff like drugs, weapons, databases, fake documents etc. Recently, HackRead found out a vendor going by the online handle of “nclay” is claiming to have hacked Zomato and selling the data of its 17 million registered users on a popular Dark Web marketplace.
The database includes emails and password hashes of registered Zomato users while the price set for the whole package is USD 1,001.43 (BTC 0.5587). The vendor also shared a trove of sample data to prove that the data is legit. Here’s a screenshot of the sample data publicly shared by “nclay.”
Folks at Hackread tested the sample data on Zomato's login page and found that each and every account mentioned in the list exists on Zomato.
“The data was stolen this month and this year, May 2017,” hacker told HackRead.
Zomato do have a HackerOne page where hackers can report flaws but hackers who report vulnerabilities only receive Hall of Fame recognition or a certificate of acknowledgment. Personally speaking, I don't have a good experience reporting flaws in Zomato. I reported them a flaw last year and now its been more than 1 year but they did not reply me about it.
What can you do if you have an account in Zomato
- If you have an account in zomato then you should change your password.
- Also Do not use same password for online accounts, else if one of the account gets compromised hackers can get into other accounts as well.
- Use a password manager