Zomato Has Paid Out Over INR 70 Lakh As Bug Bounty To Developers

Arobit Business Solutions Pvt. Ltd.

Zomato is a well-known food-tech business based in Gurugram, India. The startup was founded as Foodiebay in July 2008 by two IIT Delhi alumni, Deepinder Goyal and Pankaj Chaddah.

Now it is gaining more popularity than ever because of a step taken by Zomato's CEO.

The food-tech unicorn has been paying hackers for responsibly disclosing bugs in the company's platform.

According to an IANS report, Zomato has paid more than $100,000 (INR 70 lakh) to 435 hackers to date.

It is also alleged that the company paid $12,350 (more than 8.7 lakh) to hackers for finding and fixing a bug on its platform in the last 90 days.

How does Zomato block security bugs?

According to that report, Zomato has been using HackerOne's bug bounty program since July 2017 and has since successfully resolved 775 vulnerability reports.

HackerOne claimed that Zomato's security team is tasked with protecting the sensitive information of over 55 million unique monthly visitors.

The report also showed that Zomato pays security researchers $2,000 for a critical bug discovered on its platform, $700 for high-severity bugs, $300 for medium-severity bugs and $150 for low-severity vulnerabilities.

Concerns for user safety grew in importance in May 2017, after hackers broke into Zomato and stole the email addresses and hashed passwords of over 17 million registered users.

At the time, Zomato confirmed that no payment information or card details were stolen. The company reset the passwords of all affected users and logged them out of the app and website.

The company also reaffirmed its stance on security, stating that it is committed to protecting its community and that it would appreciate any security researcher who believes they have identified a security-related issue with the app or website disclosing it responsibly.

Zomato also reportedly told security researchers that the scope of issues is limited to technical vulnerabilities in the Zomato website or mobile applications, and asked them not to attempt to compromise the safety and privacy of users or the availability of the site through DoS attacks or spam.

What exactly is happening with Zomato?

In terms of numbers, Zomato has recorded a 225% rise in revenue within 6 months. According to the company's biannual report, it registered $205 million in revenue, a strong result compared to $63 million in the first half of last year.

The report also shows a 40% decline in Zomato's EBITDA loss from March to September 2019. The company also pointed to its burn rate, the measure of how fast it is losing money, citing a figure of 60%.

The company has around 119k restaurants, an impressive figure compared to 43k last year.

Over the past few months, the company has been through some campaigns, including discontinuing its Infinity Dining service, logout campaigns, and altering rules while extending the benefits of Zomato Gold, along with multiple rounds of layoffs and protests from delivery partners.

Cyber Security Concerns

According to a new Data Security Council of India (DSCI) report, India was the second most cyber-attack-affected country between 2016 and 2018.

Moreover, data breaches in India have risen to 7.9% since 2017, with the average cost of each breached record amounting to $64.

In September, Uber fixed a bug found by Anand Prakash, an Indian cybersecurity researcher, who was paid a bounty of $6,500. Prakash disclosed that the bug allowed anyone to access any Uber account easily.