Zomato
  • Total Records16,999,851
  • Unique Emails16,468,054
  • Unique Email Providers471,950
  • Unique Usernames337,173

Zomato Data Breach: What Happened in May 2017?

In early May 2017, Zomato—a popular restaurant search and food delivery platform—suffered a significant data breach that led to the exposure of nearly 17 million user accounts. The incident came to light when unauthorized parties gained access to parts of Zomato's database, leaking a combination of email addresses, usernames, and password hashes online. While not every exposed record contained a password hash, a large subset did, with the hashes protected using salted MD5. The breached information was shared and circulated across hacking forums, elevating concerns over user privacy and online security for millions of customers who had trusted the platform with their personal data.

Timeline of the Zomato Breach

The breach was publicly disclosed in May 2017. Evidence suggests the actual unauthorized access likely occurred close to this timeframe, with records indicating the total impacted accounts numbered just under 17 million. Once discovered, Zomato confirmed the incident and took steps to secure its infrastructure, as well as to notify affected users. Shortly after the announcement, the stolen data made its way to various online communities.

Scope of Impact and Exposed Data

This breach impacted approximately 16,999,852 unique accounts. The primary data exposed included usernames and email addresses, along with salted MD5 hashes of passwords where available. Not all records had password hashes attached, though the majority did, making the breach notable both for its scale and the sensitivity of leaked information. Importantly, no payment information or sensitive financial details appear to have been part of the compromised dataset.

How the Incident Occurred

Zomato's security team indicated that the breach stemmed from the unauthorized access of part of their database infrastructure. While the company didn't publicly share all technical details, it's clear that an attacker was able to extract and then distribute user credentials that were being stored by the service at the time. The specific methods used weren't revealed in depth, but like many similar breaches, it typically involves either exploiting vulnerabilities in web applications or weaknesses in database servers.

Frequently Asked Questions about the Zomato Data Breach

What happened in the Zomato data breach?

In May 2017, Zomato's user database was accessed by unauthorized parties, exposing nearly 17 million user accounts. Information including usernames, email addresses, and, for many users, salted MD5 password hashes was leaked and shared online.

How many users were affected in the Zomato breach?

Approximately 16,999,852 users were impacted by the Zomato breach, making it a large-scale incident in the food delivery and restaurant review sector.

What type of information was leaked in the Zomato breach?

The compromised data included usernames, email addresses, and hashed passwords (with a salt) for a substantial number of accounts. Not all records included a password hash, but most did.

How can I check if I'm in the Zomato breach?

You can check if your information was part of the Zomato breach by utilizing the DeHashed search engine.