Zomato reportedly suffered a major security breach that resulted in the theft of as many as 17 million user records, consisting of email IDs and hashed passwords. In the latest report, however, the Zomato security team confirmed that no credit card or other payment information was stolen.
In that confirmation, Zomato said that user payment information is stored in a separate PCI DSS (Payment Card Industry Data Security Standard) compliant vault and that this information was not leaked.
Analysis attributes the breach to the compromise of an employee's development account, which led to the theft of user information. As a security precaution, Zomato has reset all users' account passwords and has logged all users out of their browser and mobile app sessions.
The Zomato security team added that it is working around the clock to fix the gap that led to this breach. A layer of authorisation will be added for internal teams with access to this data to avoid the possibility of any human breach, the team said.