Zomato Eliminates 400 Security Vulnerabilities in Website, Apps

Zomato has boosted security of its web and mobile applications through its bug bounty program on HackerOne, a hacker-powered security provider.

In the first 12 months of its public bug bounty program, the restaurant search and reservations service resolved nearly 400 security vulnerabilities to protect customers and has surpassed $100,000 in bounties paid to “ethical hackers.”  

The India-based restaurant search and discovery service operates in 24 countries, including the United States, Australia, United Kingdom, Canada, India, Turkey, UAE, Qatar, Portugal, South Africa, New Zealand, and more. Its security team, led by Prateek Tiwari, is tasked with protecting sensitive information for over 55 million monthly visitors and 2,000 employees.

Since launching its bug bounty program in July 2017, the company has paid out over $100,000 to more than 350 hackers for their efforts, all while maintaining an average response time of 4 hours — 18 times faster than the average managed program on HackerOne, placing Zomato among the most responsive programs on the platform.

In recent months, Zomato’s apps were added to the Google Play Security Reward Program (GPSRP), providing an opportunity for hackers to earn up to a $5,000 bonus for specific vulnerability types. GPSRP is a bug bounty program offered by Google Play, in collaboration with HackerOne and the developers of certain popular Android apps. It recognizes the contributions of security researchers who invest their time and effort in helping make apps on Google Play more secure.

 
