Zomato, the application used to search for and discover restaurants, was hacked last week. Nearly 17 million user records were stolen and listed on the Dark Web. The Zomato app serves ten million users on a daily basis. The stolen information includes users' email addresses and hashed passwords. However, Zomato noted that no payment information or credit card data had been compromised in this leak. It looks like Zomato got the hacked user details back from the Dark Web, as the company paid the hacker to take the listing of its client data off the Dark Web.
The Zomato team paid off the hacker to make sure that its customers' information remains safe. In an official post, the team explained that the database was stolen by an ethical hacker who wanted a premium for exploiting vulnerabilities within Zomato's platform. The team said the hacker's first aim was neither to extract a ransom from the company nor to profit from Deep Web sales. They said that the hacker was very cooperative in working with the company to implement the security measures needed to keep Zomato users' data safe.
In a blog post, the Zomato team said, “Earlier today, our security team found that users’ information, like emails and passwords, was stolen from our database. Since then, we have taken several steps to moderate the situation. The primary step is to have open communication with the hacker who put the users’ data up for sale. Then, he/she wanted us to acknowledge the security vulnerabilities in our system and work with the hacker community to plug the gaps. His/her request is that we run a healthy bug bounty program for security researchers.”
Bug bounties are frequently offered in the bitcoin and blockchain sector, even though its software and platforms are meant to be immutable and decentralized. Only a small number of companies in the technology industry offer premiums to hackers to ensure that security measures are integrated. To protect against security breaches and hacking attacks, Zomato announced that a bug bounty program would be launched on HackerOne to incentivize ethical hackers. The Zomato team assured that the hacker agreed to destroy the remaining data and will comply with Zomato's requests.
The Zomato team said only five pieces of user data were hacked: user IDs, usernames, original names, email addresses, and passwords. These can be changed by the users, which Zomato recommends to its users in its blog. Nearly 6.6 million users had a password in the leaked data that can be cracked using brute-force algorithms. Further, they added, “We will be reaching out to these users to update their old password.” It remains unclear what will happen if a buyer has reached out to the seller of Zomato’s 17 million user records. Finally, it is a sensible approach from the Zomato team to ensure the safety of its users and to protect the platform from future security breaches and attacks.