Zomato has suffered a massive security breach with over 17 million user records stolen from the food-tech company's database.
A day after Zomato’s website was hacked, the food-tech company has said that the hacker has agreed to destroy all copies of the data and take them off the dark web marketplace after the company agreed to run a bug bounty programme for security researchers.
Zomato said in a blog post, “The hacker has been very cooperative with us...his/her key request was that we run a healthy bug bounty program for security researchers. The company will be introducing a bug bounty program on HackerOne.”
According to the company, the dark web marketplace link that was being used to sell the data is also reportedly no longer available.
It further stated, “We look forward to working more closely with the ethical hacker community to make Zomato a safer place for our users.”
According to the blog, “About 6.6 million users had password hashes in the leaked data. Only 5 data points were exposed - user IDs, Names, Usernames, Email addresses, and Password Hashes with salt. No other information was exposed to anyone.”
Deepinder Goyal, Founder, Zomato, tweeted, "60% of users use Goog/FB for logging in to Zomato. We don’t have passwds for these accounts - therefore, these users are at zero risk."
For other users, Zomato will be reaching out to get them to update their password on all services where they might have used the same password.