One of my favorite things about the internet is being able to access so much helpful information. Of course, Komando.com is the best resource online for tech information. I also like visiting sites that give me ideas on things to do and places to go. They are great for answering questions like, what are the best restaurants in my area?
Unfortunately, these sites don't always have the greatest security protocols. Now, a popular restaurant app has been hacked and millions of users' information was stolen.
Has your personal info been stolen?
We're talking about one of the world's largest restaurant search and discovery services, Zomato. It's a website and app that lets users search for restaurants, read customer reviews and even order food for delivery. The company operates in 23 countries around the world and receives nearly 120 million visits per month by its users.
Zomato just announced that it is the victim of a massive data breach. A hacker was able to access its customer database and steal over 17 million users' information. The hacker then posted the stolen data on the Dark Web for sale.
The stolen data includes:
- Email addresses
- User IDs
- Hashed passwords
The good news is, users' payment information was stored in a different location than the stolen data and was not part of the hack. A company spokesperson said the vulnerability that the hacker exploited has been patched and the site should be secure in the future.
However, you should proceed with caution. It's a good idea to use a secondary email address for generic sites like this, one that you don't use on a daily basis.
Zomato customers are being urged to change their passwords immediately. If you were using the same password on multiple sites you need to change them as well. Continue reading for more security steps that you need to follow after a data breach like this.
What you must do after a data breach
- See if you've been hacked - Have I Been Pwned is an easy-to-use site with a database of information that hackers and malicious programs have released publicly. It monitors hacker sites and collects new data every five to 10 minutes about the latest hacks and exposures.
- Keep an eye on your bank accounts - You should already be frequently checking your bank statements, looking for suspicious activity. It's even more critical when credit card data have been exposed through a data breach. If you see anything that seems strange, report it immediately.
- Set up two-factor authentication - Two-factor authentication, also known as two-step verification, means that to log into your account, you need two ways to prove you are who you say you are. It's like the DMV or bank asking for two forms of ID. Click here to learn how to set up two-factor authentication.
- Change your password - Whenever you hear news of a data breach, it's a good idea to change your account passwords. Read this article to help you create hack-proof passwords.
- Close unused accounts - Here's an easy way to manage all of your online accounts at once.
- Beware of phishing scams - Scammers will try and piggyback on data breaches like this. They will create phishing emails, pretending to be from the affected company, hoping to get victims to click on malicious links that could lead to more problems. Take our phishing IQ test to see if you can spot a fake email.
- Manage passwords - Many people use the same username and password on multiple sites. This is a terrible practice and you should never do it. If you're using the same credentials on multiple sites, change them to make them unique. If you have too many accounts to remember, you could always use a password manager.