Popular online food delivery and ordering website Zomato on Thursday admitted a major security breach in its database. The company disclosed that the records of 17 million of its users, including usernames and hashed passwords, had been stolen, while reassuring users that payment information, including credit card details, was safe.
In another blog post, Zomato revealed that it had opened a line of communication with the hacker who posted the information for sale on the dark web. The hacker has agreed to share the details of how he/she got access to Zomato’s database and to cooperate with the company in plugging the gaps in its security. “The hacker has been very cooperative with us. He/she wanted us to acknowledge security vulnerabilities in our system and work with the ethical hacker community to plug the gaps,” Zomato wrote in the blog post.
According to the blog post, the hacker has also agreed to take the data off the dark web and destroy all copies of the stolen information.
Furthermore, Zomato said that the key request made by the hacker was for the company to run a ‘healthy bug bounty program’, to which it has agreed. The company will soon introduce a bug bounty program on HackerOne, which would allow security researchers to point out flaws in its security so that they can be patched.
The company will also soon be reaching out to the 6.6 million users whose passwords have been leaked in order to get them to update their passwords.