Popular restaurant app Zomato says the records of about 17 million users have been stolen in a security breach.
The Indian startup, which covers more than one million eateries across 24 countries, said Thursday that names, email addresses and encrypted passwords were taken from its database.
The company, which competes with Yelp (YELP), reassured affected customers that no payment information or credit card details were stolen.
Zomato said the security measures it uses ensure the stolen passwords can't be converted back into normal text, but it still urged users who use the same password on other services to change them. It also logged the affected users out of the app and reset their passwords.
Related: India's startup bubble has already burst
The Indian startup said the theft was "a recent discovery," but it didn't specify when it happened.
"So far, it looks like an internal (human) security breach - some employee's development account got compromised," the company said in a blog post, without providing further details. It didn't immediately respond to a request for more information.
It promised it would be "actively working to plug any more security gaps that we find in our systems" in the coming days and weeks.
Founded in 2008, Zomato says 120 million users visit it every month. After expanding across countries in Asia, Europe and South America, the startup bought Urbanspoon in 2015 to gain access to the U.S. and Australian markets.
Zomato is valued at around $1 billion, according to data from CB Insights.
-- Medhavi Arora contributed to this report.