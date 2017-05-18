Restaurant discovery and food ordering platform Zomato has reportedly suffered a security breach with over 17 million accounts of users now being sold on the dark web.

According to hackread.com, a vendor going by the online handle of “nclay” is claiming to have hacked Zomato and selling the data of its 17 million registered users on a popular dark web marketplace.

"The database includes emails and password hashes of registered Zomato users while the price set for the whole package is $1,001.43 (BTC 0.5587)," said the report

It also said that the vendor shared a trove of sample data to prove that the data is legit

Zomato provides information about restaurants in over 10,000 cities across 23 countries. It was founded by Deepinder Goyal and Pankaj Chaddah.

"We are investigating this and will keep you posted," said Deepinder Goyal in a tweet.

Important disclosure - https://t.co/sI2X8wvHgm - we are investigating this and will keep you posted. https://t.co/nYgnwoaPqF — Deepinder Goyal (@deepigoyal) May 18, 2017

Meanwhile, Zomato CTO Gunjan Patidar tweeted a disclosure on user database leak with a link explaining the breach to users.

The security disclosure reads, "The reason you’re reading this blog post is because of a recent discovery by our security team - about 17 million user records from our database were stolen. The stolen information has user email addresses and hashed passwords. The hashed password cannot be converted/decrypted back to plain text - so the sanctity of your password is intact in case you use the same password for other services. But if you are paranoid about security like us, we encourage you to change your password for any other services where you are using the same password."

Zomato also assured that it would be taking steps to plug any security gaps and that No payment information or credit card data had been stolen/leaked. "As a precaution, we have reset the passwords for all affected users and logged them out of the app and website," the post said.