Home-bred online food-delivery service provider Zomato, which was recently hacked, has launched a bug bounty programme in India.
Zomato, in collaboration with renowned ethical hacking organisation ‘HackerOne’, is hosting the event, where programmers will be given the opportunity to report technical vulnerabilities in Zomato’s products, both the company’s websites and its mobile app.
“We also encourage security researchers to intimate us of any potential security issues. We will make every effort to quickly resolve all reported issues. To qualify for a bounty, the issue must be reported through HackerOne,” the company said in a statement.
Zomato-HackerOne bug bounty programme reward details:
The company claims that the rewards for bug reports will be based on the severity of the potential vulnerability and will be assessed on a case-by-case basis by Zomato’s infrastructure security team.
For instance, the rewards will be higher for unique and hard-to-find bugs, and relatively lower for bugs with a lower risk of exploitation. Severe bugs like Remote Code Execution or User Personal Information Access carry a minimum bounty of $1,000 (roughly €878/Rs 64,806).
Interested ethical hackers can register on Zomato’s page on the HackerOne website. They will be given test accounts and must use only those accounts to discover bugs or vulnerabilities.
To recap, Zomato was hacked in late May by a cyber criminal who goes by the moniker “nclay”. The hacker stole Zomato’s registered customer details, including emails and passwords, and put the information up for sale on the dark web for 0.5587 BTC (Bitcoin is a currency used online), which is estimated to be around $1,001.43 (approx. Rs. 64,525).
Thankfully, Zomato had stored customers’ credit card details in a highly secured, PCI Data Security Standard (DSS)-compliant vault.