Friday 19 May 2017

Zomato Hacked; Hacker Puts Up 17 Million Users' Emails and Passwords On Sale


If you ever ordered food from Zomato, you should be worried!

India's largest online restaurant guide Zomato confirmed today that the company has suffered a data breach and that account details of millions of its users have been stolen from its database.

In a blog post published today, the company said about 17 Million of its 120 Million user accounts from its database were stolen.

What type of information?


The stolen account information includes user email addresses as well as hashed passwords.

Zomato claims that since the passwords are encrypted, they cannot be decrypted by the attackers, so the "sanctity of your password is intact."

It seems Zomato is downplaying the threat or is unaware of the fact that these days hackers use cloud computing, which enables them to decrypt even 15-18 character passwords within a few hours. So there's no guarantee your passwords will not eventually get cracked.

Update: As shown in the above screenshot taken immediately after they updated their blog post, Zomato has changed its statement from "your password can not be converted/decrypted" to "can not be easily converted" back to plain text.

The updated statement now reads:
"We hash passwords with a one-way hashing algorithm, with multiple hashing iterations and individual salt per password. This means your password cannot be easily converted back to plain text."
Also, Zomato stressed that the breach did not impact or compromise any payment card data, as the financial information of its customers is stored in a separate database different from the one illegally accessed.
"Payment related information on Zomato is stored separately from this (stolen) data in a highly secure PCI Data Security Standard (DSS) compliant vault. No payment information or credit card data has been stolen/leaked," the company claims.
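The scheme described in the updated statement (one-way hash, multiple iterations, individual salt per password) can be illustrated as follows. This is an added example, not Zomato's code: PBKDF2-HMAC-SHA256, the iteration count, the function names and the sample accounts are all assumptions, since the statement does not name the algorithm or its parameters.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed work factor; the page does not state Zomato's
SALT_BYTES = 16


def hash_password(password, salt=None, iterations=ITERATIONS):
    """Return (salt, iterations, digest) for storage; the salt is random per user."""
    if salt is None:
        salt = os.urandom(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return salt, iterations, digest


def verify_password(password, record):
    """Recompute the hash with the stored salt and compare in constant time."""
    salt, iterations, expected = record
    _, _, candidate = hash_password(password, salt, iterations)
    return hmac.compare_digest(candidate, expected)


def audit_weak_records(records, known_weak):
    """Defensive audit: list users whose stored hash matches a known-weak password.

    Salts differ per user, so every guess costs a full PBKDF2 run per account:
    total work is len(records) * len(known_weak) * iterations.
    """
    flagged = []
    for user, record in records.items():
        if any(verify_password(guess, record) for guess in known_weak):
            flagged.append(user)
    return sorted(flagged)


# Constructed sample data: two users share a weak password, one has a strong one.
RECORDS = {
    "alice": hash_password("123456"),
    "bob": hash_password("123456"),
    "carol": hash_password("k9#Vt2!qLm0zRw8x"),
}
KNOWN_WEAK = ["password", "123456", "qwerty"]

if __name__ == "__main__":
    print("same password, different digests:", RECORDS["alice"][2] != RECORDS["bob"][2])
    print("accounts needing a forced reset:", audit_weak_records(RECORDS, KNOWN_WEAK))
```

The salt and iterations raise the cost of each guess but do not protect a password that appears on a common-password list, which is why "cannot be easily converted" is the accurate wording.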

17 Million Zomato Accounts Sold on Dark Web

According to HackRead, a user going by the online moniker of "nclay," who claimed to have hacked Zomato, is selling data of 17 Million registered Zomato users on a popular Dark Web marketplace.

The vendor also shared sample data to verify the authenticity of the leaked database and is asking for 0.5587 Bitcoins (around $1017 or ₹65,261) for the entire set of data.
Though Zomato has partnered with the HackerOne Bug Bounty Platform, the hacker preferred to put the data up for sale, which indicates it could be an internal breach rather than the exploitation of a flaw.

The company believes that someone from inside its organization is responsible for the security breach.
"Our team is actively scanning all possible breach vectors and closing any gaps in our environment. So far, it looks like an internal (human) security breach - some employee’s development account got compromised," the company said.

What should Zomato Customers do?


Customers should be particularly alert to phishing emails, which are usually the next step cyber criminals take after a breach to trick users into giving up further details like financial information.

For obvious reasons, all customers are highly recommended to change their passwords for Zomato accounts as soon as possible, along with those for other websites that use the same passwords, and to choose unique passwords for different accounts.

If you can't create or remember complex passwords for different sites, you can make use of a password manager.

We have listed some good password managers for the Android, iOS, Windows, Linux and Mac platforms that could help you understand the importance of a password manager and choose one according to your requirements.

WannaCry Ransomware Decryption Tool Released; Unlock Files Without Paying Ransom

If your PC has been infected by WannaCry – the ransomware that wreaked havoc across the world last Friday – you might be lucky to get your locked files back without paying the ransom of $300 to the cyber criminals.

Adrien Guinet, a French security researcher from Quarkslab, has discovered a way to retrieve the secret encryption keys used by the WannaCry ransomware for free, which works on Windows XP, Windows 7, Windows Vista, Windows Server 2003 and 2008 operating systems.

WannaCry Ransomware Decryption Keys


WannaCry's encryption scheme works by generating a pair of keys on the victim's computer that rely on prime numbers: a "public" key and a "private" key for encrypting and decrypting the system's files respectively.
To prevent the victim from accessing the private key and decrypting locked files himself, WannaCry erases the key from the system, leaving no choice for the victims to retrieve the decryption key except paying the ransom to the attacker.

But here's the kicker: WannaCry "does not erase the prime numbers from memory before freeing the associated memory," says Guinet.

Based on this finding, Guinet released a WannaCry ransomware decryption tool, named WannaKey, that basically tries to retrieve from memory the two prime numbers used in the formula to generate the encryption keys, and works on Windows XP only.

Note: Below I have also mentioned another tool, dubbed WanaKiwi, that works for Windows XP to Windows 7.

"It does so by searching for them in the wcry.exe process. This is the process that generates the RSA private key. The main issue is that the CryptDestroyKey and CryptReleaseContext does not erase the prime numbers from memory before freeing the associated memory," says Guinet.

So, that means, this method will work only if:
  • The affected computer has not been rebooted after being infected.
  • The associated memory has not been allocated and erased by some other process.
"In order to work, your computer must not have been rebooted after being infected. Please also note that you need some luck for this to work (see below), and so it might not work in every case!," Guinet says.

"This is not really a mistake from the ransomware authors, as they properly use the Windows Crypto API."

Because WannaKey only pulls the prime numbers from the memory of the affected computer, the tool can be used only by those who can use those prime numbers to generate the decryption key manually to decrypt their WannaCry-infected PC's files.
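The recovery idea described above, locating a leftover prime in process memory and turning it back into an RSA private key, can be sketched as follows. This is an added example, not code from WannaKey or WanaKiwi: the toy primes, the constructed memory buffer, the little-endian layout, the divisibility test against the public modulus, the exponent 65537 and all function names are assumptions made for illustration.

```python
E = 65537  # public exponent, assumed; the page does not give one

# Constructed toy values: two small known primes stand in for the real ones.
P = 2**61 - 1
Q = 2**64 - 59
N = P * Q  # public modulus, which is not secret
# Constructed "process memory": filler with P left behind in little-endian form.
MEMORY = b"\x00" * 24 + b"freed-heap-block" + P.to_bytes(8, "little") + b"\x00" * 24


def find_prime_factor(memory, n, prime_len):
    """Return (offset, p) for the first prime_len-byte little-endian integer
    in memory that divides n, or None if no window qualifies."""
    for off in range(len(memory) - prime_len + 1):
        cand = int.from_bytes(memory[off:off + prime_len], "little")
        if 1 < cand < n and n % cand == 0:
            return off, cand
    return None


def rebuild_private_key(p, n, e=E):
    """Derive q and the private exponent d from one recovered prime."""
    q, rem = divmod(n, p)
    if rem:
        raise ValueError("candidate does not divide the modulus")
    d = pow(e, -1, (p - 1) * (q - 1))  # modular inverse (Python 3.8+)
    return {"p": p, "q": q, "d": d}


def recover_and_decrypt(memory, n, ciphertext, prime_len=8):
    """Scan, rebuild the key, and undo a textbook RSA encryption."""
    hit = find_prime_factor(memory, n, prime_len)
    if hit is None:
        return None  # memory was reused or the machine was rebooted
    key = rebuild_private_key(hit[1], n)
    return pow(ciphertext, key["d"], n)


if __name__ == "__main__":
    secret = int.from_bytes(b"sample data", "big")  # constructed plaintext
    print(recover_and_decrypt(MEMORY, N, pow(secret, E, N)) == secret)
    print(recover_and_decrypt(b"\x00" * 64, N, pow(secret, E, N)))  # None
```

The second call models the failure case the article lists: once the freed memory has been overwritten, no window divides the modulus and nothing can be rebuilt.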


WanaKiwi: WannaCry Ransomware Decryption Tool

The good news is that another security researcher, Benjamin Delpy, developed an easy-to-use tool called "WanaKiwi," based on Guinet's finding, which simplifies the whole process of decrypting WannaCry-infected files.

All victims have to do is download the WanaKiwi tool from GitHub and run it on their affected Windows computer using the command line (cmd).

WanaKiwi works on Windows XP, Windows 7, Windows Vista, Windows Server 2003 and 2008, confirmed Matt Suiche from security firm Comae Technologies, who has also provided some demonstrations showing how to use WanaKiwi to decrypt your files.

Although the tool won't work for every user due to its dependencies, it still gives WannaCry's victims some hope of getting their locked files back for free, even from Windows XP, the aging, largely unsupported version of Microsoft's operating system.
