Global restaurant guide Zomato says hackers have stolen data on about 17 million users.
The Indian firm, which uses a digital platform to provide information, said the breach includes swathes of personal information, including email addresses and hashed passwords.
Payment-related information is safe as it was stored separately, Zomato said.
The firm said it had reset the passwords of affected users and logged them out of the app and the website.
More than 120 million users visit Zomato – an online and mobile service offering restaurant and nightlife information, including menus and photographs, in countries around the world – every month.
The firm said it had “recently” discovered that 17 million email addresses and hashed passwords had been stolen from its data base.
“The hashed password cannot be converted/decrypted back to plain text – so the sanctity of your password is intact in case you use the same password for other services,” the firm said in a security notice to its consumers.
“But if you are paranoid about security like us, we encourage you to change your password for any other services where you are using the same password.”
Zomato said “no payment information or credit card data has been stolen/leaked” as they were stored in “highly secure” digital vaults.
The firm said it appeared that “an internal (human) security breach” had led to the theft of the data.
Zomato is based in Gurgaon near Delhi and is active in 10,000 cities, including London and New York, across 24 countries around the world.