Here’s how Zomato was hacked

Online food ordering service Zomato was hacked, and the data of 17 million users, including e-mail addresses and hashed passwords, was stolen in the breach.

However, the hacker had reportedly taken the data down from the dark web marketplace after reaching a compromise with Zomato.

Deepinder Goyal, founder of Zomato, had said he would reveal the details of how the website was hacked and launch a bug bounty program on HackerOne.

In a blogpost, Zomato revealed how the website was hacked.

“The hacker explained to us how he/she was able to breach our infrastructure to access a part of our database. It all started in November 2015, when 000webhost’s user database was leaked online (with plain text passwords). One of our developers had his personal hosting account with the service. As a result of 000webhost’s user account data breach, his email address and password also became available publicly,” the blog stated.


It stated that, unfortunately, the developer was using the same email and password combination on Github. “Back then, when 000webhost passwords leaked, we were not using 2 factor authentication on Github (we have been using two-factor authentication on Github since the last few months). With the login credentials for the developer, the hacker was able to use the developer’s password to get into his Github account and review one of our code repositories to which the developer had access (this happened some time last year, but for some reason the hacker only exploited the code very recently),” the blog read.

“Getting access to a part of the code didn’t give the hacker direct access to the database. Our systems are only accessible for a specific set of IP addresses. But the hacker was able to scan through the code, and he ended up exploiting a vulnerability in the code to access the database (via remote code execution). The piece of code which was vulnerable was a part of a deprecated system, and hadn’t been modified for a few years now,” the blog, signed by Goyal, stated.
