Zomato assures hacker will destroy data of 17 million users; says users at zero risk

A day after Zomato suffered a security breach as its data was hacked and details of 17 million users were at risk, founder Deepinder Goyal assured of zero risk to the users.

Zomato stated they were working with the hacker to see how he carried out the hacking.

“The 'ethical hacker' - whose identity has been kept under wraps - simply wanted to expose the security vulnerabilities in the company's structure,” read the blog post.

Zomato stated the hacker has been very cooperative. “His/her key request was that we run a healthy bug bounty program for security researchers,” Zomato stated in a blog.

Following the events, Zomato is going to announce a bug bounty program on Hackerone.

“We look forward to working more closely with the ethical hacker community to make Zomato a safer place for our users,” said Zomato.

[Repost] Your credit card info, and your addresses are fully safe and secure. (I still have my card on file on Zomato.)

— Deepinder Goyal (@deepigoyal) May 18, 2017

60% of users use Goog/FB for logging in to Zomato. We don’t have passwds for these accounts - therefore, these users are at zero risk.

— Deepinder Goyal (@deepigoyal) May 18, 2017

About 6.6 million users had password hashes in the leaked data and only five data points were exposed - user IDs, Names, Usernames, Email addresses, and Password Hashes with salt.

"60% of users use Google/FB for logging in to Zomato. We don't have passwords for these accounts - therefore, these users are at zero risk," Goyal tweeted.