Global food aggregator giant Zomato is in conversation with hackers to destroy 17 million stolen data and has assured to fill the security breach that was found by hackers.
On Thursday, Email IDs, Username, Addresses and Passwords were stolen from Zomato database which again shook the world just after ‘WannaCry‘ massacre.
On the other side, Zomato has cleared that customer’s sensitive information i.e. Credit Card Data and Payment Information is safe and has not been compromised.
“One of these steps was to open a line of communication with the hacker who had put the user data up for sale,” Zomato said in a blog at its website: http://blog.zomato.com/post/160807042556/security-notice-update
About 120 million users visit the Zomato website for queries and ordering of food. “With that assurance, the hacker has, in turn, agreed to destroy all copies of the stolen data and take the data off the dark web marketplace. The marketplace link which was being used to sell the data on the dark web is no longer available,” Zomato stated further.
Zomato is worried about that 6.6 million user IDs and Password can be decrypted by Brute Force Algorithm. “We will be reaching out to these users to get them to update their password on all services where they might have used the same password,” they said over the concern.
Zomato clears that at a certain point only five data points were leaked i.e. user IDs, names, usernames, email addresses, and password hashes. “No other information was exposed to anyone. Your payment information is absolutely safe, and there’s no need to panic,” Zomato said.
Although, the hacker didn’t harm the company but instead, urges to update the loopholes and vulnerability in the web-application.
Consequently, Zomato is introducing a bug bounty program on Hackerone very soon.