"No payment information or credit card data has been stolen/leaked. Payment related information on Zomato is stored separately from this (stolen) data in a highly secure PCI Data Security Standard (DSS) compliant vault," Zomato said and added so far, it looks like an internal (human) security breach -- some employee's development account got compromised.
The company has, as a precaution, reset the passwords for all affected users, logged them out of the app and website and the team at Zomato was actively scanning all possible breach vectors and closing any gaps.
The hashed password cannot be converted/decrypted back to plain text. In other words, the sanctity of password is intact in case users' use the same password for other services.
"But if you are paranoid about security like us, we encourage you to change your password for any other services where you are using the same password," Zomato said.
"Over the next couple of days and weeks, tha company will further enhance security measures for all user information stored within our database and will add a layer of authorisation for internal teams having access to this data to avoid the possibility of any human breach," Zomato added.
Is Zomato hacked for first time?
This is not the first time that company has been hacked.
Zomato, in 2015, was hacked by a white hat hacker who reported the details back to the company which later addressed the weaknesses.
The details, this time, may be sold online.