17 million user account details stolen

dc blox fast-data-access

It’s difficult to keep up with the number of hacks taking place, so only the biggest security breaches tend to get people’s attention now. 

In the latest big story, the online restaurant finding service Zomato says approximately 17 million of its users’ account details have been stolen.

The thieves got away with user email addresses and hashed passwords. But they did not manage to get payment information or credit card data – but that sort of information is generally kept elsewhere, and not on the company’s servers.

And because the passwords were hashed, it is unlikely that they will be easy to decipher. Nonetheless, ZOmato is advising users to change their passwords.

In a blog, Zomato CTO Gunjan Patidar says: “Our team is actively scanning all possible breach vectors and closing any gaps in our environment. So far, it looks like an internal (human) security breach – some employee’s development account got compromised.”

It may take a few days or weeks to plug the security gaps, says Patidar, who adds: “We’ll be further enhancing security measures for all user information stored within our database. A layer of authorisation will be added for internal teams having access to this data to avoid the possibility of any human breach.”

In other cyber security stories, Insider is reporting that the Starbucks app has been hacked, with users finding that their accounts are mysteriously loaded with $100 and are then used for transactions, and then get wiped.

The Register is reporting that 2 million user accounts have been stolen from Bell Canada. “There is no indication that any financial, password or other sensitive personal information was accessed,” Bell Canada said in a statement.

And perhaps the most interesting hack was the one that involved Disney. The film and entertainment giant’s forthcoming summer blockbuster – Pirates of the Caribbean: Dead Men Tell No Tales, starring Johnny Depp – is said to have been stolen.

The thieves apparently want a ransom paid in bitcoin, according to the Los Angeles Times.