2oceansvibe News | South African and international news

  • The Inside Scoop On How Zomato Was Hacked

    24 May 2017 by Sloane Hunter in Business, cybercrime, NEWORDER, Vibe

    Zomato got hacked.

    Through a process that began in November 2015, the hacker was able to download data containing five points of information of the restaurant search and discovery service’s 17 million users: names, emails, numeric user IDs, usernames, and password hashes.

    That’s really scary.

    Although the leak of password hashes was somewhat more contained, affecting only 6,6 million users (the rest logged in with their Facebook or Google accounts), things escalated when the stolen data was listed for sale on a dark web marketplace.

    But it’s not all bad news.

    Since the hack, Zomato has been keeping everyone up to date with what went down. Zomato founder and CEO Deepinder Goyal wrote a blog post explaining just what happened after the information was taken:

    We were lucky we could get in touch with the person (hacker) in good time. As it turned out, the hacker was a security researcher (ethical hacker) who had put up the data for sale to get our attention (and/or to teach us a lesson). He/she only wanted us to launch a good bug bounty program on Hackerone, as he/she wanted to make sure that security researchers were rewarded well for their work. The hacker also shared the database with us and took the sales link down once we promised to launch the bug bounty program. He/she also agreed to destroy the data at their end immediately.

    So how did the hack happen exactly? In that same blog post, Goyal explained how the “ethical” hacker gained access:

    It all started in November 2015, when 000webhost’s user database was leaked online (with plain text passwords). One of our developers had his personal hosting account with the service. As a result of 000webhost’s user account data breach, his email address and password also became available publicly.

    Unfortunately, the developer was using the same email and password combination on Github. Back then, when 000webhost passwords leaked, we were not using 2 factor authentication on Github (we have been using two-factor authentication on Github for the last few months). With the login credentials for the developer, the hacker was able to use the developer’s password to get into his Github account and review one of our code repositories to which the developer had access (this happened some time last year, but for some reason the hacker only exploited the code very recently).

    Getting access to a part of the code didn’t give the hacker direct access to the database. Our systems are only accessible for a specific set of IP addresses. But the hacker was able to scan through the code, and he ended up exploiting a vulnerability in the code to access the database (via remote code execution). The piece of code which was vulnerable was a part of a deprecated system, and hadn’t been modified for a few years now.

    Yes, someone has some of our code, and that’s a risk. But we have taken every step conceivable to us to make sure that the code cannot be exploited in any way possible to breach Zomato’s infrastructure. Also, one more thought that gives us comfort – with every passing day, the leaked code is getting more and more out-of-date.

    How beautiful is that transparency?

    And get this: although the company was advised to take action against the developer responsible, they have decided not to make an example of them because, well, the company is to blame, too.

    Read Goyal’s full blog post here for a little lesson on crisis management, as well as how to prevent hackers gaining access to your own site.
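    The quoted post pins the intrusion on one password, reused from the 000webhost dump on a Github account that had no two-factor authentication. As an added illustration (not code from the article or from Zomato), the following defender-side check takes a breach dump with plaintext passwords and an internal account store holding salted PBKDF2 hashes, and reports accounts whose current password matches the one leaked for the same email, ranking accounts without 2FA highest. The emails, passwords and the store format are constructed for the example.

```python
import hashlib
import hmac
import os

# Constructed sample breach dump in the style of the 000webhost leak
# (plaintext passwords). Every value here is made up for this example.
BREACH_DUMP = [
    {"email": "dev@example.com", "password": "hunter2"},
    {"email": "alice@example.com", "password": "correct horse"},
    {"email": "nobody@example.org", "password": "letmein"},
]


def hash_password(password: str, salt: bytes, iterations: int = 200_000) -> bytes:
    """Salted, deliberately slow PBKDF2-HMAC-SHA256, as a store should keep it."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)


def make_account(email: str, password: str, two_factor: bool) -> dict:
    """Build one internal account record; the plaintext is never stored."""
    salt = os.urandom(16)
    return {"email": email, "salt": salt,
            "hash": hash_password(password, salt), "two_factor": two_factor}


# Constructed internal store: dev reuses the leaked password without 2FA,
# alice reuses it but has 2FA, bob uses a password that never leaked.
ACCOUNTS = [
    make_account("dev@example.com", "hunter2", two_factor=False),
    make_account("alice@example.com", "correct horse", two_factor=True),
    make_account("bob@example.com", "unrelated-pass", two_factor=False),
]


def find_reused_credentials(breach: list, accounts: list) -> list:
    """Return findings for accounts whose current password equals a password
    leaked for the same email. The leaked plaintext is re-hashed with each
    account's own salt, so the check works against a properly hashed store."""
    leaked = {}
    for row in breach:
        leaked.setdefault(row["email"].lower(), set()).add(row["password"])
    findings = []
    for acct in accounts:
        for candidate in leaked.get(acct["email"].lower(), ()):
            if hmac.compare_digest(hash_password(candidate, acct["salt"]), acct["hash"]):
                # Reuse plus no second factor is exactly the chain described above.
                findings.append({"email": acct["email"], "two_factor": acct["two_factor"],
                                 "severity": "medium" if acct["two_factor"] else "high"})
                break
    return findings
```

    Run against a real dump the same way: load the leaked rows, load the account store, and act first on every "high" finding (forced reset plus 2FA enrolment).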

    If that’s too much effort, though, just give NEWORDER a call.

    [source:timeslive&zomato]
