To clarify, the hacker was actually a researcher who put the data online to draw Zomato's attention to a vulnerability he'd disclosed to them more than a year ago.
Here's the more interesting part: As per some sources the data used MD5 with a 2(!) character salt.
A security researcher listed data they'd stolen through a security exploit on the dark web so they could bring it to your attention?
Am I the only one thinking this seems incredibly questionable on an ethical level?
What would he have done if you hadn't seen the data was for sale? Sold it to blackhats to exploit? Or spammers to take advantage of?
That seems like the 'researcher' was being a real sleazebag here. Forget ethical disclosure, this person is clearly going to be sued at one point or another with those sorts of practices.
Either way, sorry you went through this. Hope you learnt how to improve your security for the future after this debacle too.
Here's the more interesting part: As per some sources the data used MD5 with a 2(!) character salt.
EDIT: Here's some more info from Zomato's side: http://blog.zomato.com/post/160986258541/security-update-wha...