“The hacker wanted us to acknowledge security vulnerabilities in our system and work with the ethical hacker community to plug the gaps. The key request was that we run a healthy bug bounty program for security researchers,” the company stated.
I’m a Zomato User, Should I be Worried?
Login passwords for all the affected users have been reset by the company, which means that if your account was breached, you will have been logged out of it from all devices and you’ll need to set a new password for your account.
According to the company, only user IDs, names, usernames, email addresses, and password hashes were leaked in the breach, and no financial information such as credit card or bank details was stolen.
The company stores all payment-related information in a secure PCI Data Security Standard (DSS) compliant vault, which wasn’t affected by the hack.
“We look forward to working more closely with the ethical hacker community to make Zomato a safer place for our users,” the company added.
The hacker has agreed to destroy all copies of the stolen data, which has been taken off the dark web marketplace; the link for selling the data has also been taken down.
Those who log into Zomato using third-party OAuth services such as Google or Facebook have nothing to worry about: none of their data could have been accessed during the breach, since Zomato doesn’t store any information directly about these users.