Zomato Has Paid Out Over INR 70 Lakh As Bug Bounty To Developers

SUMMARY

Zomato has paid more than $100K (over INR 70 Lakh) to 435 hackers till date

Zomato has paid $12,350 (over INR 8.7 Lakh) in bounties in the last 90 days

Zomato has been using HackerOne's bug bounty programme

Gurugram-based foodtech unicorn Zomato has been paying hackers who have responsibly disclosed bugs in the company’s platform.

An IANS report has cited HackerOne statistics to say that Zomato has paid more than $100K (over INR 70 Lakh) to 435 hackers till date for finding and fixing bugs on its platform. It said that $12,350 (over INR 8.7 Lakh) in bounties have been paid in the last 90 days.

How Does Zomato Tackle Security Bugs?

The report said that since July 2017, Zomato has been using HackerOne’s bug bounty programme and has successfully resolved 775 vulnerability reports. HackerOne claimed that the Zomato security team is tasked with protecting sensitive information for over 55 Mn unique monthly visitors.

The report showed that Zomato pays security researchers $2,000 for the discovery of a critical bug on its platform, $700 for bugs with high-severity impact, $300 for medium and $150 for low-impact vulnerabilities.

Concerns for user safety gained prominence when, in May 2017, hackers broke into Zomato, stealing email addresses and hashed passwords of nearly 17 Mn registered users. At the time, Zomato had said that no payment information or credit card data was stolen or leaked.

It had reset the passwords for all affected users and logged them out of the app and website. According to the company, it takes security seriously.

“We’re committed to protecting our community. If you are a security researcher or expert, and believe you’ve identified security-related issues with Zomato’s website or apps, we would appreciate you disclosing it to us responsibly,” the company said.

“The scope of issues is limited to technical vulnerabilities in the Zomato website or mobile apps. Please do not attempt to compromise the safety or privacy of our users (so please use test accounts), or the availability of Zomato through DoS attacks or spam,” Zomato reportedly told security researchers.

What Is Happening At Zomato?

In terms of numbers, Zomato recorded a 225% rise in revenue in the first half of FY2020. According to the company’s biannual report, it has registered $205 Mn in revenue, compared to $63 Mn in the first half of last year.

The report also mentioned that there has been a 40% decline in Zomato’s EBITDA (earnings before interest, tax, depreciation and amortization) loss from March to September 2019. The company has also pointed out that its monthly burn rate, which measures the rate at which a company is losing money, is down by 60%.

In H1 FY20, the food aggregator and delivery startup had around 119K restaurants, compared to 43K last year.

Over the last few months, Zomato has been through the #logout campaign, the discontinuation of its Infinity Dining service, altered rules and extended benefits for Zomato Gold, multiple rounds of layoffs, and protests from delivery partners.

Cybersecurity Concerns At Internet Companies

In a day and age when data security concerns are costing tech giants such as Facebook billions, security breaches haven’t stopped.

In September, Uber fixed a hacking bug found by Indian cybersecurity researcher Anand Prakash and paid him a bounty of $6,500. Prakash told Inc42 that the bug allowed hackers to log into anyone’s Uber account.

In August, Chennai-based security researcher Laxman Muthiyah found a bug in the Facebook-owned Instagram, which allowed anyone to hack the popular photo-sharing social networking service. The revelation came barely a month after he reported a similar flaw on Instagram.

India was the second most cyberattack-affected country between 2016 and 2018, according to a new Data Security Council of India (DSCI) report. Further, the average cost of a data breach in India has risen 7.9% since 2017, with the average cost per breached record amounting to INR 4,552 ($64).
