Zomato introduces bounty programme after hackers steal data - Times LIVE
Mon May 29 13:22:15 SAST 2017

Zomato introduces bounty programme after hackers steal data

Bruce Gorton | 2017-05-19 12:25:10.0

Image by: iStock

Restaurant data base Zomato is set to introduce a bug bounty programme after a hacker stole 17 million users' data.

According to Zomato‚ the person behind the hack came forward and told them exactly how they did it‚ and agreed to delete the data in exchange for the company setting up a bounty programme for security researchers.

The data had previously been up for auction on the dark web.

"The marketplace link which was being used to sell the data on the dark web is no longer available‚" Zomato's chief technology officer Gunjan Patidar said in a blog post.

"He/she wanted us to acknowledge security vulnerabilities in our system and work with the ethical hacker community to plug the gaps‚" Patidar said.

As a result the company will be introducing a bug bounty on Hackerone‚ a service that allows companies and security researchers to coordinate their efforts.

Zomato aren't the only ones to use the platform.

Registration is currently open for hackers who want to hack the US Air Force - with a chance of earning "thousands of dollars" for finding security flaws in their systems.

According to Zomato‚ the hacker revealed how they got access to Zomato's database‚ and they will post that information once they've closed the loopholes.

According to the company‚ five data points were exposed by the hack‚ "user IDs‚ Names‚ Usernames‚ Email addresses‚ and Password Hashes with salt".

However‚ the company has said it will be "cautious and paranoid" - and will be contacting the 6.6 million users whose password hashes were included in the data leak to get them to update their passwords on all services where they might have used the same one.


If you have an opinion you would like to share on this article, please send us an e-mail to the Times LIVE iLIVE team. In the mean time, click here to view the Times LIVE iLIVE section.