One of India’s Largest Start-Ups Suffers Major Data Breach

intelligentID | October 2, 2017

Zomato announced that their own server had been hit by a massive data breach.

Zomato announced that their own server had been hit by a massive data breach.

In another major case of lax compliance monitoring leading to dangerous loss of crucial network data, Zomato – one of India’s largest online start-up companies, posting comprehensive restaurant and amenities reviews to subscribers – announced that their own server had been hit by a massive data breach.

According to reports, approximately 17 million user records were stolen from the company’s database by an insidious attack by a malicious hacker-for-profit. The hacker stole user IDs, names, usernames, email addresses and hashed passwords. Payment information, which is stored in a separate, secure PCI Data Security Standard (DSS) compliant vault, was not affected, according to Zomato representative. Although the company revealed very few details about the attack itself, the company claimed in a corporate blog post that the incident “looks like an internal (human) security breach,” after an employee’s development account was compromised. The cybersecurity attack came following reports that a dark web vendor with the online handle “nclay” was selling Zomato user data on a cybercrime marketplace for approximately $1,000 in bitcoins, making the attack itself a deliberate incident of for-profit malice.

At Intelligent ID, we recognize that proper and diligent network monitoring of your data network’s endpoints, coupled with compliance monitoring and a keen eye on employee activity, can prevent these attacks from affecting companies far and wide.

Identity Analysis Makes All the Difference

Intelligent ID’s highly customizable rules allow for keyword identification in only the locations that concern you most to dramatically reduce false positives and excess noise. Our IID full security suite has been deliberately designed to cover every angle of your organization’s potential threat zones, and its unique functionality keeps you in full control. IID also monitors for a variety of activities taking place on the endpoint that research shows could indicate insider threat potential such as logging into web-based applications with another user’s credentials, accessing files or folders that are not job-relevant, performing bulk file actions, or unusual print activity.

With Intelligent ID’s compliance reporting tools, we can make identifying compliance gaps simple and facilitate the gathering of audit data all without ever touching a log. This makes for the quickest and most-user-friendly method of obtaining the data that you need, without any compromise to its integrity. Once Intelligent ID is configured to your specific compliance regulations it will alert and report on any violation of those policies. Not only can you see exactly which policy was violated, our innovative Identity Activity functionality will tell you when, where, how, and why the violation occurred so you can tackle the root of the issue. Moving forward, you’ll always be aware of your greatest threat zones and have the tools that your disposal to be remain both safe and preventive in the face of future risk.

With the Identity Activity tool, you’ll always be up-to-date on any potential threats to your organization’s data security and will have full intelligence in monitoring responsibility and accountability

Intelligent ID recognizes each step in a such an Insider Threat and includes multiple functionalities to address them all.

Intelligent ID is endpoint-based user monitoring and analytics software that secures organizations’ business assets by continuously monitoring and alerting management to suspect events taking place anywhere an endpoint may travel. This includes data loss or theft activity, compliance infractions, workplace liability issues, inefficient use of time and resources, infrastructure concerns, insecure file access, and more. For further information, visit us at or contact us at

Additional Resources