
Hacker agrees to erase stolen Zomato data set; company to launch bug bounty


The chief technologist at Zomato says the hacker responsible for breaching his company's database agreed to destroy all copies of the stolen data and remove it from the dark web, but only after the restaurant review service agreed to start a bug bounty program.

"The hacker has been very cooperative with us. He/she wanted us to acknowledge security vulnerabilities in our system and work with the ethical hacker community to plug the gaps. His/her key request was that we run a healthy bug bounty program for security researchers," wrote Gunjan Patidar in a blog post on Thursday.

The hacker, who goes by the handle "nclay," was discovered selling approximately 17 million Zomato user records, which included user IDs, names, usernames, email addresses and hashed passwords. The company reset the passwords for all affected users and logged them out of both its app and website.

HackerOne will run the vulnerability disclosure program, wrote Patidar, noting that the hacker has already removed the link to the dark web marketplace that was selling the data. Patidar did not mention any kind of monetary compensation or ransom payment going to the hacker, who, according to Zomato, will provide details on how he breached the company.

Bradley Barth

As director of multimedia content strategy at CyberRisk Alliance, Bradley Barth develops content for online conferences, webcasts, podcasts and video/multimedia projects, often serving as moderator or host. For nearly six years, he wrote and reported for SC Media as deputy editor and, before that, senior reporter. He was previously a program executive with the tech-focused PR firm Voxus. Past journalistic experience includes stints as business editor at Executive Technology, a staff writer at New York Sportscene and a freelance journalist covering travel and entertainment. In his spare time, Bradley also writes screenplays.
