Zomato hacker agrees to destroy stolen data

Our Bureau Mumbai | Updated on January 11, 2018 Published on May 19, 2017

Online firm promises to run a ‘bug bounty’ programme

A day after the online restaurant discovery and food ordering portal fell prey to a Malaysian hacker ‘nclay’, Zomato has struck an agreement with the hacker to destroy the stolen data.

Zomato faced a major security breach after personal data, including email IDs and passwords, of about 17 million accounts were left exposed by the hacker. However, it had confirmed that no financial data were leaked.

In a blog, Zomato said that, as part of several steps to mitigate the situation, it had contacted the hacker, who has put up the data for sale on the dark web.

“The hacker has been very cooperative with us. He/she wanted us to acknowledge security vulnerabilities in our system and work with the ethical hacker community to plug the gaps. His/her key request was that we run a healthy bug bounty programme for security researchers,” Zomato said in its blog, adding that the company will soon be introducing a bug bounty programme on HackerOne.

“...the hacker has in turn agreed to destroy all copies of the stolen data and take the data off the dark web marketplace,” it mentioned, assuring its users that in future it would work closely with ethical hacker communities to address the security issues.

Ankush Johar, Director at, a community-powered enterprise security firm, told BusinessLine that every company, especially start-ups, should run a bug bounty programme and engage with hackers on a regular basis to understand or find out the security breaches or vulnerabilities in their platforms, if any.
