Today morning we reported how hackers named ‘nclay’ had hacked into Zomato and later the company confirmed that around 17 million user records from its database were stolen, which include emails and hashed passwords.
Now, in an another official blog post by Zomato, the company’s security team has confirmed that no damage has done to any of its users as the hackers were reportedly good guys, co-operative and Ethical Hackers. The hacking was done in order to reveal security flaws that were present in Zomato’s system.
“The hacker has been very cooperative with us. He/she wanted us to acknowledge security vulnerabilities in our system and work with the ethical hacker community to plug the gaps. His/her key request was that we run a healthy bug bounty program for security researchers,” said Gunjan Patidar, who is part of Zomato’s Security Team.
“The hacker also gave us all the details on the way he/she got access to this database. We will post this information on our blog once we close the loopholes, so that others can learn from our mistakes,” added Gunjan.
Zomato also confirmed that only 5 data points were exposed — user IDs, Names, Usernames, Email addresses, and Password Hashes with salt. No other information was exposed to anyone, and most importantly, the payment information of all the users are absolutely safe.
After this incidence, Zomato has decided that it will soon launch a bug bounty program on Hackerone — bug bounty platform that connects businesses with ethical hackers and researchers. Zomato’s big bounty program will be in line with Facebook’s ‘White Hat’ program which the company is running since 2011.
For unattended, Bug Bounty is a program was created to report security flaws and bugs. These programs allow the developers to discover and resolve bugs before the general public, preventing incidents of widespread abuse. Bug bounty programs have been implemented by Facebook, Yahoo, Google, Reddit, Square, and Microsoft. Notably, no Indian internet-based company offers such program and Zomato — if launches the program, will be the first Indian Company to do so.
Meanwhile, Zomato is still discovering the loopholes unearthed by this hacking incidence till writing of this article.
Like this content? Sign up for our daily newsletter to get latest updates.