Hacker steals 17M users' data from restaurant app Zomato (www.dailymail.co.uk)
21.0 points by schnell 2017-05-28 16:10:21+00:00 | 9 comments
It was clarified later that the "hacker" was a security professional who put up all that data on the Dark Web to draw Zomato's attention to loopholes in its systems.

http://blog.zomato.com/post/160986258541/security-update-wha...

Edit - Turns out the OP's article mentions the same thing. Might as well confess a personal bias - every time I see a Daily Mail article, I can't help but think about how they served as a Nazi mouthpiece for years before the war, so all their stuff's got to be inaccurate/biased.


> [Daily Mail] served as a Nazi mouthpiece for years before the war

> [Therefore,] all their stuff's got to be inaccurate/biased.

That conclusion doesn't really follow from the premise.


I agree, but as someone who hates the Daily Mail because I don't find it credible, nor does it have much depth; it does speak to them being historically pretty shit as well.

If you want some more historical fun, go back and look up which newspapers were supportive of Japanese internment :)

To clarify, the hacker was actually a researcher who put the data online to draw Zomato's attention to a vulnerability he'd disclosed to them more than a year ago.

Here's the more interesting part: as per some sources, the data used MD5 with a 2(!)-character salt.

EDIT: Here's some more info from Zomato's side: http://blog.zomato.com/post/160986258541/security-update-wha...
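The following Python is an added illustration, not code from this thread or from Zomato's post, of why a two-character salt barely slows an attacker down. The layout md5(salt + password) and a salt alphabet of [a-z0-9] are assumptions made for the example (the thread only says "MD5 with a 2-character salt"), and the "leaked" records are constructed. It builds one lookup table over every possible salt and a small wordlist, recovers the weakly hashed passwords from it, and then shows the corrected scheme (a per-user 16-byte random salt with PBKDF2-HMAC-SHA256) for contrast.

```python
import hashlib
import hmac
import itertools
import os
import string

# Added example, not code from the thread or from Zomato. The layout
# md5(salt + password) with a salt drawn from [a-z0-9] is an ASSUMPTION made
# for illustration; the thread only says "MD5 with a 2-character salt".
SALT_ALPHABET = string.ascii_lowercase + string.digits
ALL_SALTS = [a + b for a, b in itertools.product(SALT_ALPHABET, repeat=2)]  # 36**2 = 1296


def weak_hash(salt: str, password: str) -> str:
    """The weak scheme: one fast MD5 over a 2-character salt and the password."""
    return hashlib.md5((salt + password).encode("utf-8")).hexdigest()


def crack_weak(leaked_digests, wordlist):
    """Recover passwords from a dump WITHOUT knowing each user's salt.

    With only len(ALL_SALTS) possible salts, an attacker hashes every
    (salt, word) pair once into a lookup table and then checks every leaked
    digest against it. Total cost is |salts| * |wordlist| MD5 calls no matter
    how many users leaked, so the salt multiplies the attacker's work by at
    most ~1300 compared with an unsalted dump. Returns {digest: (salt, password)}.
    """
    table = {}
    for salt in ALL_SALTS:
        for word in wordlist:
            table[weak_hash(salt, word)] = (salt, word)
    return {d: table[d] for d in leaked_digests if d in table}


def strong_hash(password: str, iterations: int = 600_000):
    """Corrected scheme: a per-user 16-byte random salt and PBKDF2-HMAC-SHA256.

    A 128-bit random salt makes a shared precomputed table useless (every user
    must be attacked separately), and the iteration count makes each guess
    cost hundreds of thousands of hash operations instead of one.
    Returns the record to store: (salt, iterations, digest).
    """
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return salt, iterations, digest


def verify_strong(password: str, record) -> bool:
    """Check a login attempt against a stored (salt, iterations, digest) record."""
    salt, iterations, digest = record
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return hmac.compare_digest(candidate, digest)  # constant-time comparison


def demo():
    # Constructed "leaked" records in the weak scheme (not real Zomato data).
    leaked = {
        weak_hash("k7", "password"),
        weak_hash("zz", "letmein"),
        weak_hash("3q", "correct-horse-battery-staple"),  # not in the wordlist
    }
    wordlist = ["123456", "password", "qwerty", "letmein", "dragon"]
    found = crack_weak(leaked, wordlist)
    record = strong_hash("letmein", iterations=50_000)
    return found, verify_strong("letmein", record), verify_strong("letme1n", record)


if __name__ == "__main__":
    found, ok, bad = demo()
    print(f"cracked {len(found)} of 3 weakly hashed records with {len(ALL_SALTS) * 5} MD5 calls")
    for digest, (salt, pw) in found.items():
        print(f"  {digest}  salt={salt}  password={pw}")
    print("PBKDF2 verify correct password:", ok, " wrong password:", bad)
```

The point of the contrast: in the weak scheme the table of 1296 salts times the wordlist is built once and serves the whole dump, so a larger leak costs the attacker nothing extra; with a 16-byte random salt the same wordlist has to be re-hashed per user, and each of those hashes is made deliberately slow.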


> In hindsight, what helped us contain the extent of the breach?

You didn't contain a breach. Your security was a joke.


Wait, what?

A security researcher listed data they'd stolen through a security exploit on the dark web so they could bring it to your attention?

Am I the only one thinking this seems incredibly questionable on an ethical level?

What would he have done if you hadn't seen the data was for sale? Sold it to blackhats to exploit? Or spammers to take advantage of?

That seems like the 'researcher' was being a real sleazebag here. Forget ethical disclosure, this person is clearly going to be sued at one point or another with those sorts of practices.

Either way, sorry you went through this. Hope you learnt how to improve your security for the future after this debacle too.

