Data of 17 million Zomato users have been stolen from the company’s database, the biggest Indian restaurant guide said on Thursday. In a blog, the firm said hackers have gained access to usernames and hashed passwords but assured users that no payment information or credit card data has been leaked.

The firm has also reset the passwords for all affected users and logged them out of the app and website. “We can also confirm that we have found no evidence whatsoever of any of Zomato’s other systems or products being affected,” the company told NDTV over email.

A dark web vendor going by the name “nclay” has claimed responsibility for the hack, according to International Business Times. Although the company said the security breach looks like an internal one, some reports claimed that the stolen usernames and passwords are being sold online. The price for the whole package is $1,001.43 (0.5587 bitcoins), reported Economic Times.

Zomato said that it was investigating the breach. “Over the next couple of days, we’ll be actively working to improve our security systems – we’ll be further enhancing security measures for all user information stored within our database, and will also add a layer of authorization for internal teams having access to this data to avoid any human breach,” the company told NDTV.