Case Study: Zomato achieves faster vulnerability response and stronger security for 55M users with HackerOne

A HackerOne Case Study

Preview of the Zomato Case Study

Zomato’s Hacker-focused Approach Turns the Tables On Security Vulnerabilities

Zomato, a global restaurant discovery and ordering platform serving 55 million monthly users across 24 countries, needed to protect large volumes of personal and financial data generated by millions of daily transactions. The security challenge was to find and fix vulnerabilities quickly while keeping hackers engaged and focused on issues that mattered to their customers and core applications.

Zomato launched a HackerOne bounty program in July 2017 and adopted a hacker-first approach—prioritizing rapid (4-hour average) responses, personal relationships with top researchers, and integration with Google Play’s security rewards. The program paid more than $100,000 to 350+ hackers, cut triage noise, improved report quality and resolution speed, and materially strengthened Zomato’s security posture while keeping researchers motivated and loyal.



Zomato

Prateek Tiwari

Security Lead

