Zomato strikes deal with hacker, will introduce bug bounty programme to have stolen data destroyed
The firm said the hacker was ‘very cooperative’, and added that the marketplace link that was being used to sell the data on the dark web was no longer available.
Food and restaurant search engine giant Zomato on Thursday night said that it would soon introduce a bug bounty programme – a deal under which individuals can receive recognition and compensation for reporting bugs – on HackerOne (a platform that connects businesses with cyber security researchers). This came hours after the website was hacked and the data of 17 million users was stolen.
Zomato said that the company had directly communicated with the hacker who uses the pseudonym “nclay” and agreed to work with the ethical hacker community. “His/her key request was that we run a healthy bug bounty program for security researchers,” the company said in a blog. “With that assurance, the hacker has in turn agreed to destroy all copies of the stolen data and take the data off the dark web marketplace.”
The company said the hacker was “very cooperative” during the discussions and added that the marketplace link, which was being used to sell the data on the dark web, was no longer available. The price for the whole package of stolen data was $1,001.43 (0.5587 bitcoins).
After gaining access to a copy of the leaked database, Zomato reiterated that no payment or credit card details were stolen. “Please note that only five data points were exposed – user IDs, names, usernames, email addresses and password hashes with salt,” read the blog. “No other information was exposed to anyone.”
According to reports, Zomato already has a bug bounty programme in place. However, those who report bugs or spot vulnerabilities only receive recognition or a certificate of acknowledgment, reported Hack Read.