According to the official company statement, user passwords were not among the data stolen, but they appear to be downplaying the issue. If the hackers were to make use of the latest password cracking technologies (and there’s no reason to think that they wouldn’t have access to them), even a long, 18-character password could be cracked in a matter of hours, regardless of the encryption the site uses.
The potential silver lining, though, is that credit card and other payment data is stored on a separate system, and was therefore not exposed during the breach. Even so, that still leaves user names, potentially user passwords and location data all available to the hackers and anyone who buys the data.
As with other large scale data breaches like this, the biggest danger comes not from the theft of the data itself, but from the ripple effect. To this day, more than 50% of ’netizins use the same password across multiple web properties.
If you use the same password on Zomato as you use to log into your bank or credit card accounts, then you are at genuine risk of falling victim to rogue transactions or full-blown identity theft.
As ever, if you’re a user of the site, the first, best recommended course of action is to change your password immediately, and do the same for any other accounts which may use the same password.