Zomato says hacker agrees to destroy 17 million user details, taken off dark web marketplace

'Only 5 data points were exposed - user IDs, Names, Usernames, Email addresses, and Password Hashes with salt. No other information was exposed to anyone,' the company said in a blogpost.

Following the massive data breach of sensitive records of 17 million users, Zomato is reportedly working with the hacker to plug the gaps in its security system.

According to a blogpost on the company's website, the 'ethical hacker' - whose identity has been kept under wraps - simply wanted to expose the security vulnerabilities in the company's structure. Moreover, the hacker has reportedly given the company details on how the hacking was carried out, which Zomato will be revealing to the public soon.

'The hacker has been very cooperative with us...his/her key request was that we run a healthy bug bounty program for security researchers,' the blog stated. The company has acceded to this request in exchange for the hacker taking all copies of the stolen data off the dark web marketplace and destroying them.

According to Zomato's blogpost, the company will be introducing a bug bounty program on HackerOne. The marketplace link that was being used to sell the data on the dark web is also reportedly no longer available, as per the blog. 'We look forward to working more closely with the ethical hacker community to make Zomato a safer place for our users,' it further stated.

About 6.6 million users had password hashes in the leaked data, according to the blog. 'Only 5 data points were exposed - user IDs, Names, Usernames, Email addresses, and Password Hashes with salt. No other information was exposed to anyone,' it further stated.


Following the hacking incident, Zomato founder Deepinder Goyal took to micro-blogging site Twitter to assure users logging in through their Facebook and Google accounts of complete immunity.

"60% of users use Goog/FB for logging in to Zomato. We don’t have passwds for these accounts - therefore, these users are at zero risk," he had tweeted.

For other users, Zomato will be reaching out to get them to update their password on all services where they might have used the same password.
