
Zomato website got hacked and hacker demands a bug bounty program


The website of Zomato, the popular food and restaurant search engine startup, was hacked, and the login credentials of 17 million users were put up for sale on the dark web. According to Hackread, the data breach happened in May 2017. The leaked data contains email IDs and hashed passwords. However, the data of users who registered with Zomato through third-party services such as Google and Facebook (via OAuth login) was not compromised and remains secure.

Initially, the Zomato team wrongly estimated it to be an internal human security breach (a hacked developer account). Later they got in touch with the hacker, said that he was cooperative, and learned the details of how the attack happened. The hacker asked them to run a bug bounty program for security researchers; they agreed and said they would start a bug bounty program on HackerOne very soon.

Zomato stated the same in their blog post, as shown below:

The hacker has been very cooperative with us. He/she wanted us to acknowledge security vulnerabilities in our system. His/her key request was that we run a healthy bug bounty program for security researchers.
We are introducing a bug bounty program on Hackerone very soon. With that assurance, the hacker has in turn agreed to destroy all copies of the stolen data and take the data off the dark web marketplace. The marketplace link which was being used to sell the data on the dark web is no longer available.
Source:  Zomato blog security notice

The Zomato team reset the passwords for all the hacked accounts, so all the user data is now secured. It would be really good if they started a new bug bounty program, which would be of mutual benefit to hackers and the company. This move will enhance the security of their users. We advise all startups to run bug bounty programs and prevent this kind of security breach.
