Zomato assures hacker will destroy data of 17 million users; says users at zero risk
Zomato stated they were working with the hacker to see how he carried out the hacking.
“The 'ethical hacker' - whose identity has been kept under wraps - simply wanted to expose the security vulnerabilities in the company's structure,” read the blog post.
Zomato stated the hacker has been very cooperative. “His/her key request was that we run a healthy bug bounty program for security researchers,” Zomato stated in a blog.
Following the events, Zomato is going to announce a bug bounty program on Hackerone.
“We look forward to working more closely with the ethical hacker community to make Zomato a safer place for our users,” said Zomato.
[Repost] Your credit card info, and your addresses are fully safe and secure. (I still have my card on file on Zomato.)— Deepinder Goyal (@deepigoyal) May 18, 2017
60% of users use Goog/FB for logging in to Zomato. We don’t have passwds for these accounts - therefore, these users are at zero risk.— Deepinder Goyal (@deepigoyal) May 18, 2017
About 6.6 million users had password hashes in the leaked data and only five data points were exposed - user IDs, Names, Usernames, Email addresses, and Password Hashes with salt.
"60% of users use Google/FB for logging in to Zomato. We don't have passwords for these accounts - therefore, these users are at zero risk," Goyal tweeted.