Zomato assures customer data is safe, contacts hacker to ‘destroy’ stolen info
Online food aggregator Zomato has contacted hackers to destroy the 17 million-stolen information and taking a host of security steps to prevent reoccurrence of such security breach.business Updated: May 19, 2017 13:14 IST
Online food aggregator Zomato has contacted hackers to destroy the 17 million-stolen information and taking a host of security steps to prevent reoccurrence of such security breach, the company said.
On Thursday, Zomato’s site was hacked, and email addresses and passwords were stolen from its database. However, the company assured customers that their payment and credit card data are safe and sprang into action to fortify the information base.
“One of these steps was to open a line of communication with the hacker who had put the user data up for sale,” Zomato said in a blog at its website: http://blog.zomato.com/post/160807042556/security-notice-update
The Zomato hack comes within days of the ‘WannaCry’ ransomware attack that paralysed computers across the world and interrupted working of conglomerates such as Renault, British hospitals and German railways..
Close to 120 million users visit the Zomato website for queries and ordering of food.
“With that assurance, the hacker has in turn agreed to destroy all copies of the stolen data and take the data off the dark web marketplace. The marketplace link which was being used to sell the data on the dark web is no longer available.”
Admitting that the hack was a sensitive matter as 6.6 million users had password hashes in the leaked data, which can be theoretically decrypted using brute force algorithms, Zomato said: “We will be reaching out to these users to get them to update their password on all services where they might have used the same password.”
The company clarified that only five data points were exposed--user IDs, names, usernames, email addresses, and password hashes.
“No other information was exposed to anyone. Your payment information is absolutely safe, and there’s no need to panic,” Zomato said.
The hacker requested the company to run a healthy bug bounty program for security researchers. The hacker also provided all the details on the way he or she got access to the database.
Accordingly, Zomato is introducing a bug bounty program on Hackerone very soon.