Zomato Hacked; 17 Million Accounts Sold on Dark Web

Dark Web marketplaces have been flourishing since 2015. Everything from drugs, weapons, databases and fake documents to all sorts of other illegal goods is available to anyone at any time. Recently, HackRead found that a vendor going by the online handle “nclay” is claiming to have hacked Zomato and is selling the data of its 17 million registered users on a popular Dark Web marketplace.

The database includes emails and password hashes of registered Zomato users, and the price set for the whole package is USD 1,001.43 (BTC 0.5587). The vendor also shared a trove of sample data to prove that the data is legitimate. Here’s a screenshot of the sample data publicly shared by “nclay.”


When the sample data was tested on Zomato.com’s login page, it was discovered that each and every account mentioned in the list exists on Zomato.


We tried to send a password reset email to some of the email addresses in the data, which further revealed that they are registered with Zomato. Here’s a screenshot showing a reset email successfully going to one of the users.

“The data was stolen this month and this year, May 2017,” the hacker told HackRead.


HackRead.com also sent an email to Zomato, along with the sample data, explaining the incident. We also asked the company to confirm whether Zomato had suffered a data breach. At the time of publishing this article, there was no response from the company.

It must be noted that Zomato already has a bug bounty program; however, the security researchers and hackers who report vulnerabilities only receive Hall of Fame recognition or a certificate of acknowledgment. Also, in 2015 Zomato was hacked by an Indian ethical hacker, Anand Prakash, who not only discovered a critical security flaw in Zomato’s data recall system but also informed the company about it.

Zomato is a world-renowned food and restaurant search engine giant founded by Deepinder Goyal and Pankaj Chaddah from India back in 2008. The site has over 90 million monthly visits and holds the 945th rank in the world, while it is among the top 155 most visited sites in India, according to Alexa ranking. Therefore, if there’s any truth in “nclay’s” claims, which seemingly look to be true, Zomato will have a busy week.

Currently, the same Dark Web marketplace where the Zomato data is being sold also hosts a number of vendors selling highly sensitive data stolen from tech and social media giants, including an anti-public combo list with billions of accounts, 100 million accounts from Chinese video service Youku, millions of accounts stolen from vBulletin forums, millions of Bitcoin forum records, and millions of Gmail and Yahoo accounts with their plain-text passwords.

This article will be updated upon receiving a reply from Zomato. Stay tuned.