A day after it fell prey to a Malaysian hacker, ‘nclay’, online restaurant discovery and food ordering portal Zomato has struck an agreement with the hacker to destroy the stolen data.
Zomato faced a major security breach after personal data, including email IDs and passwords, of about 17 million accounts was left exposed by the hacker. However, it had confirmed that no financial data were leaked.
In a blog post, Zomato said that, as part of several steps to mitigate the situation, it had contacted the hacker, who had put the data up for sale on the dark web.
“The hacker has been very cooperative with us. He/she wanted us to acknowledge security vulnerabilities in our system and work with the ethical hacker community to plug the gaps. His/her key request was that we run a healthy bug bounty programme for security researchers,” Zomato said in its blog, adding that the company will soon be introducing a bug bounty programme on HackerOne.
“...the hacker has in turn agreed to destroy all copies of the stolen data and take the data off the dark web marketplace,” it said, assuring its users that in future it would work closely with ethical hacker communities to address security issues.
Ankush Johar, Director at Bugsbounty.com, a community-powered enterprise security firm, told BusinessLine that every company, especially start-ups, should run a bug bounty programme and engage with hackers on a regular basis to find any security breaches or vulnerabilities in their platforms.