A day after online restaurant discovery and food ordering portal fell prey to a Malaysian hacker ‘nclay’, Zomato has struck an agreement with the hacker to destroy the stolen data.

Zomato faced a major security breach after personal data, including email IDs and passwords, of about 17 million accounts were left exposed by the hacker. However, it had confirmed that no financial data were leaked.

In a blog, Zomato said that as a part of the several steps to mitigate the situation had contacted the hacker, who has put up the data for sale on the dark web.

“The hacker has been very cooperative with us. He/she wanted us to acknowledge security vulnerabilities in our system and work with the ethical hacker community to plug the gaps. His/her key request was that we run a healthy bug bounty programme for security researchers,” Zomato said in its blog, adding that the company will soon be introducing a bug bounty programme on Hackerone.

“...the hacker has in turn agreed to destroy all copies of the stolen data and take the data off the dark web marketplace,” it mentioned assuring its users that in future it would work closely with ethical hacker communities to address the security issues.

Ankush Johar, Director at Bugsbounty.com, a community powered enterprise security firm, told BusinessLine that every company, especially start-ups should run bug bounty programme and engage with hackers on regular basis to understand or find out the security breaches or vulnerabilities in their platforms if any.

comment COMMENT NOW