News in brief: 17m passwords stolen from Zomato; laptop ban from EU shelved; hackers target MPs

Your daily round-up of some of the other stories in the news

Hackers steal 17m passwords from restaurant app

Restaurant app Zomato warned its users around the world on Thursday that it had reset the passwords of about 17m of its users whose details had been stolen from the Indian start-up’s database.

Zomato, which has more than 120m users every month, moved to reassure people that no payment details had been stolen, and said that because some 60% of its users log in via third-party OAuth services such as Facebook or Google, that the company didn’t even have password details for those people. It added that for those passwords it does have, they’re protected by hashing “with a one-way hashing algorithm, with multiple hashing iterations and individual salt per password”.

However, Zomato didn’t say which hashing algorithm it uses, and Motherboard reported on Thursday that “according to a sample of alleged Zomato data posted on the dark web, and additional samples the alleged hacker gave to Motherboard, Zomato used an outdated algorithm to hash its customers’ passwords and only took other, minimal, precautions”.

Zomato later said that the alleged hacker had been “very co-operative”, asking the company to “acknowledge security vulnerabilities in our system … his/her key request was that we run a healthy bug bounty program for security researchers”.

No laptop ban from Europe

Good news for travellers to the US from Europe: officials from the EU and the US have decided not to extend the ban on devices bigger than a smartphone in aircraft cabins, though they did say that other security measures were being considered.

The move is also good news for those who aren’t keen on the thought of an aircraft hold full of the lithium batteries of checked laptops, tablets, Kindles etc: lithium batteries have a habit of bursting into flames.

However, talks on airline safety will continue in Washington DC next week to “further assess shared risks and solutions for protecting airline passengers whilst still ensuring the smooth functioning of global air travel”, said the European Commission.

The airline industry had warned that extending the ban to flights from EU countries could cost more than $1bn in lost productivity and cause chaos at airports in the busy summer holiday period.

Lawmakers warned of hacking attempts

A small number of British MPs and their political staff were targeted in an attack by what “a senior security official” told the Financial Times was likely to have been the work of a nation state.

The threat is still present, the security official said. The MPs and their staff had been sent phishing emails designed to get them to reveal login details to accounts.

The UK’s spy agency, GCHQ, has asked Britain’s election regulator, the Electoral Commission, to warn candidates in the upcoming general election to be vigilant about the threat from hackers.

That warning comes as concerns remain about attacks on last year’s US presidential election and on the new French president Emmanuel Macron during his campaign, thought to be the work of the Russian hacking group Fancy Bear and designed to meddle in the outcome of those elections.

Catch up with all of today’s stories on Naked Security