Popular restaurant search and discovery service Zomato was in the news on Thursday when it revealed that about 17 million user records were stolen from its database. Zomato said that the stolen information had user email addresses and hashed passwords, but no credit card information.
The company has now revealed that it’s been in touch with the hacker, who has revealed how the information was stolen, and Zomato says it has since plugged the leak. Zomato has added that the hacker has been very cooperative, and he/ she requested that Zomato run a healthy bug bounty program for security researchers – a request that the company has accepted.
Zomato announced that it will soon introduce a bug bounty program on Hackerone. With that assurance, the hacker has in turn agreed to destroy all copies of the stolen data and take the data off the dark Web marketplace. The marketplace link which was being used to sell the data on the dark Web is no longer available.
That is not all! Zomato has pointed out that it will be getting in touch with the 6.6 million users whose password hashes were leaked to advise them to change their password on all services where they use the same password.