Zomato Has Paid Out Over INR 70 Lakh As Bug Bounty To Developers

Zomato Bug Bounty

Zomato is a well-known foodtech business based in Gurugram, India. The startup was founded as Foodiebay in July 2008 by two IIT Delhi alumni, Deepinder Goyal and Pankaj Chaddah.

Now it's gaining more popularity than ever because of a step the CEO of Zomato took.


The foodtech unicorn Zomato has been paying hackers for responsibly disclosing bugs in the company's platform.

According to an IANS report, Zomato has paid more than $100,000 (INR 70 lakhs) to 435 hackers to date.

It has also reportedly paid $12,350 (more than 8.7 lakhs) to hackers for finding and fixing bugs on its platform in the last 90 days.

How does Zomato block security bugs?

According to that report, Zomato has been using HackerOne's bug bounty programme since July 2017 and has since successfully resolved 775 vulnerability reports.

HackerOne said that Zomato's security team is tasked with protecting the sensitive information of over 55 million unique monthly visitors.

The report also showed that Zomato pays security researchers $2,000 for discovering a critical bug on its platform, $700 for high-severity bugs, $300 for medium and $150 for low-severity vulnerabilities.

Concern for user safety grew in importance in May 2017, after hackers broke into Zomato and stole the email addresses and jumbled passwords of over 17 million registered users.

At the time, Zomato confirmed that no payment information or card details were stolen. It reset the passwords of all affected users and logged them out of the app and website.

The company also affirmed its commitment to security, stating that it is committed to protecting its community and that if security researchers believe they have identified security-related issues with the app or website, it would appreciate them disclosing those issues responsibly.

Zomato also reportedly told security researchers that the scope of issues is limited to technical vulnerabilities in the Zomato website or mobile applications, and asked them not to attempt to compromise the safety and privacy of users or the availability of the site via DoS attacks or spam.

What exactly is happening with Zomato?

In terms of numbers, Zomato has recorded a 225% rise in revenue within 6 months. According to the company's biannual report, it registered $205 million in revenue, which is quite an improvement on the $63 million in the first half of last year.

The report also shows a 40% decline in Zomato's EBITDA loss from March to September 2019. They have also pointed to the burn rate, the measure of how fast they are losing money, citing a figure of 60%.

The company has around 119k restaurants, which is quite impressive compared to 43k last year.

Over the past few months, the company has been through several developments, including discontinuing its Infinity Dining service, logout campaigns, and altering rules while extending the benefits of Zomato Gold, along with multiple rounds of layoffs and protests from delivery partners.

Cyber Security Concerns

According to a new Data Security Council of India (DSCI) report, India was the second most cyber-attack-affected country between 2016 and 2018.

Moreover, data breaches in India have risen to 7.9% since 2017, with an average cost per breached record of 64 dollars.

In September, Uber fixed a hacking bug found by Anand Prakash, an Indian cybersecurity researcher, who was paid a bounty of 6500 dollars. Prakash disclosed that the bug allowed anyone to access any Uber account easily.
