On Thursday it was reported that 17 million user records from the database of one of the biggest restaurant guides worldwide — Zomato — were stolen by a hacker who has now been paid off.
With ransomware attacks at an all-time high, this was a catastrophic event in the history of the company, and one that has taught it a meaningful lesson as it plans to mitigate future attacks.
Zomato has announced that it will soon be starting a bug bounty programme called ‘HackerOne’.
Reportedly, starting a bug bounty programme for security researchers and sourcing help from ethical hackers to fix any bugs in their system were among the main demands of the hacker.
“The hacker wanted us to acknowledge security vulnerabilities in our system and work with the ethical hacker community to plug the gaps. The key request was that we run a healthy bug bounty program for security researchers,” the company stated.
I’m a Zomato User, Should I be Worried?
Login passwords for all the affected users have been reset by the company, which means that if your account was breached, you will have been logged out of it from all devices and you’ll need to set a new password for your account.
According to the company, only user IDs, names, usernames, email addresses, and password hashes were leaked in the breach, and no financial information such as credit card or bank details was stolen.
The company stores all payment-related information in a secure PCI Data Security Standard (DSS) compliant vault, which wasn’t affected by the hack.
“We look forward to working more closely with the ethical hacker community to make Zomato a safer place for our users,” the company added.
The hacker has agreed to destroy all copies of the stolen data, which has been taken off the dark web marketplace; the link for selling the data has also been taken down.
Those who log into Zomato using third-party OAuth services such as Google or Facebook have nothing to worry about, as none of their data could have been accessed during the breach, since Zomato doesn’t store any information directly about these users.