After the breach in security which led to leak of 17 million user data, Zomato is supposedly working with the hackers to bridge the gap in the security of it’s system.
AS per the company, “ethical hacker”, whose identity is kept hidden, just want to let the company know about the vulnerabilities in its structure and it really should be concerned about this. Additionally, the hacker has provided the thorough detail how the hacking was done and it will be made public soon by Zomato.
Hacker Has Been Cooperative
One of the blog posted on the comapany’s website stated that, “The hacker has been very cooperative with us…his/her key request was that we run a healthy bug bounty program for security researchers”. The company has given in to the demands of the hacker in exchange of removing the data from the black market of web and destroying any backups.
Bug Bounty Program Will Be Started By The Company
Zomato in it’s blog post reported that it will be coming up with a bug bounty program. This would help the company identify any vulnerability in its system. The blog post also mentioned that the link which was being used to sell the hacked data has also been taken down from the web and is no longer available.
Compay Working For Security
In blog post company also stated that, ‘We look forward to working more closely with the ethical hacker community to make Zomato a safer place for our users,’ it further stated.
Which Data Were Exposed
Around 6.6 million user data had their password hidden from the data that was leaked. Data that was exposed contained user IDs, Name, Email is, Usernames and password. No other data was brought out (including payment details).
Users Who Are Not Affected
After the hacking incident, Deepinder Goyal who is the founder of Zomato made a tweet on twitter to assure the users that the users who use Facebook or Google account for logging in Zomato are of complete immunity.
He also tweeted that, “60% of users use Google/FB for logging in to Zomato. We don’t have passwords for these accounts – therefore, these users are at zero risk”.
Password Need To Be Updtaed
For the users who used other modes of logging, Zomato will connect and inspire them to reset their password on all services where they may have utilized a similar password.