Hacker removes 6.6 million Zomato customer passwords from dark web after company agrees to start bug bounty program

The company's security measures leave a lot to be desired

Another website has been hacked and had its customers’ information put up for sale on the dark web. But this particular incident was resolved when the hacker agreed to remove the listing on the condition that the victim introduces a bug bounty program.

Restaurant search service Zomato, which is available in more than 20 countries around the world, yesterday revealed it had discovered that 17 million user records had been stolen from its database. 60 percent of those affected use third-party authenticators such as Google and Facebook to log into the service, so these credentials weren’t at risk, but that left around 6.6 million password and email combinations exposed.

Zomato claimed the hashed passwords “cannot be easily converted back to plain text,” but because they were hashed with the notoriously weak MD5 algorithm and a very short salt, Motherboard and other security researchers managed to convert just over half of a sample set back to their original plain text.

Zomato said it has since patched the vulnerability that made the hack possible and reset the passwords for all affected users. It stresses that payment information is stored separately from the stolen data, meaning no credit/debit card details were compromised.

Somewhat unusually, Zomato eventually contacted the hacker responsible. The person agreed to remove the leaked data from the dark web and destroy all the copies, but only if the company acknowledged the vulnerabilities in its system and offered to compensate security researchers who discover bugs. Zomato has had an account on the HackerOne disclosure service for over a year, and will now start paying people who report security issues.

The hacker told Motherboard they found the vulnerability in Zomato’s infrastructure around one year ago. They reported it but received no reply. "It does not justify the pain I caused to them, but it is a reason," they said.


http://www.techspot.com/news/69386-hacker-removes-66-million-zomato-customer-passwords-dark.html