After the much-talked-about breach of Zomato's database of 17 million users, the company is now working with the hacker to close the loopholes in its security system.
Gunjan Patidar, Chief Technical Officer at Zomato, assured everyone in his blog, saying, “We have taken multiple steps to mitigate the situation. One of these steps was to open a line of communication with the hacker who had put the user data up for sale.”
According to the blog post, the very cooperative ethical hacker just wanted the vulnerabilities in Zomato’s security system to be acknowledged. He/she wanted the company to work with the ethical hacker community to plug the gaps in the system and make it a safer place for users. The identity of the hacker has been kept confidential.
Patidar added that a bug bounty program on HackerOne will be introduced soon and that, in return, the hacker has agreed to destroy all copies of the leaked database. He/she has also taken down the Dark Web marketplace link and has given Zomato a copy of the leaked data.
The company has given an assurance that only 5 data points were accessed by the hacker: name, user ID, username, password hash with salt, and email address. Patidar added, “No other information was exposed to anyone. Your (users) payment information is absolutely safe, and there is no need to panic.”