New Delhi: Food delivery platform Zomato has paid more than $100,000 (over Rs 70 lakh) to 435 hackers till date for finding and fixing bugs on its platform.
In fact, $12,350 (over Rs 8.7 lakh) in bounties were paid in the last 90 days alone, said HackerOne, hacker-powered bug bounty platform.
With the help of HackerOne's bug bounty programme since July 2017, Zomato has successfully resolved 775 vulnerabilities report, HackerOne told IANS on Thursday.
"Zomato security team is tasked with protecting sensitive information for over 55 million unique monthly visitors," it added.
For the critical bug discovery on its platform, Zomato pays $2,000 to security researchers, $700 for bugs with high-severity impact, $300 for medium and $150 for low-impact vulnerabilities.
In May 2017, hackers broke into the online food delivery service, stealing email addresses and hashed passwords of nearly 17 million records of its registered users.
Zomato had said that no payment information or credit card data was stolen or leaked. It had reset the passwords for all affected users and logged them out of the app and website.
According to the company, it takes security seriously.
"We're committed to protecting our community. If you are a security researcher or expert, and believe you've identified security-related issues with Zomato's website or apps, we would appreciate you disclosing it to us responsibly," the company said in blog post.
"The scope of issues is limited to technical vulnerabilities in the Zomato website or mobile apps. Please do not attempt to compromise the safety or privacy of our users (so please use test accounts), or the availability of Zomato through DoS attacks or spam," Zomato told security researchers.
Zomato currently operates in 24 countries like the US, Australia, the UK, Canada, Turkey, UAE, Qatar, Portugal, South Africa, New Zealand and more.
Zomato on October 1 said its India revenue for the first half of the financial year 2019-20 saw a massive three-fold jump -- from $63 million in the same period in 2018-2019 to $205 million this time.
It is now present in over 500 cities across the country.
In fact, $12,350 (over Rs 8.7 lakh) in bounties were paid in the last 90 days alone, said HackerOne, hacker-powered bug bounty platform.
With the help of HackerOne's bug bounty programme since July 2017, Zomato has successfully resolved 775 vulnerabilities report, HackerOne told IANS on Thursday.
"Zomato security team is tasked with protecting sensitive information for over 55 million unique monthly visitors," it added.
For the critical bug discovery on its platform, Zomato pays $2,000 to security researchers, $700 for bugs with high-severity impact, $300 for medium and $150 for low-impact vulnerabilities.
In May 2017, hackers broke into the online food delivery service, stealing email addresses and hashed passwords of nearly 17 million records of its registered users.
Zomato had said that no payment information or credit card data was stolen or leaked. It had reset the passwords for all affected users and logged them out of the app and website.
According to the company, it takes security seriously.
"We're committed to protecting our community. If you are a security researcher or expert, and believe you've identified security-related issues with Zomato's website or apps, we would appreciate you disclosing it to us responsibly," the company said in blog post.
"The scope of issues is limited to technical vulnerabilities in the Zomato website or mobile apps. Please do not attempt to compromise the safety or privacy of our users (so please use test accounts), or the availability of Zomato through DoS attacks or spam," Zomato told security researchers.
Zomato currently operates in 24 countries like the US, Australia, the UK, Canada, Turkey, UAE, Qatar, Portugal, South Africa, New Zealand and more.
Zomato on October 1 said its India revenue for the first half of the financial year 2019-20 saw a massive three-fold jump -- from $63 million in the same period in 2018-2019 to $205 million this time.
It is now present in over 500 cities across the country.
No comments:
Post a Comment