In a major breach of its security, popular food ordering website, Zomato was hacked and data of over 1.7 crore users was stolen from the database.
Giving an update on the situation, Zomato in its blog post explained that it is working towards controlling the situation and has already contacted the hacker.
The blog explains that the hacker has been “cooperative” with them and that he will be deleting all the stolen data as his aim was to point out the vulnerabilities in the system.
“The hacker has been very cooperative with us. He/she wanted us to acknowledge security vulnerabilities in our system and work with the ethical hacker community to plug the gaps. His/her key request was that we run a healthy bug bounty program for security researchers.”
The blog further mentions that the hacker also gave the company details of how he/she hacked their system and got the access. Zomato stated that 5 data points were exposed during the hack– user IDs, names, usernames, email addresses, and password hashes with salt.
It also added that the Credit/Debit card details are absolutely safe and that the customers need not worry about it.
“We are going to be cautious and paranoid..6.6 million users had password hashes in the ‘leaked’ data, which can be theoretically decrypted using brute force algorithms. We will be reaching out to these users to get them to update their password on all services where they might have used the same password.”
Meanwhile, Zomato also mentioned that they will be organizing a bug bounty program on Hackerone.
“‘We look forward to working more closely with the ethical hacker community to make Zomato a safer place for our users,” it added.
(Feature image source: Zomato website)