Zomato Privacy Flaw: How the 'Friend Recommendations' Feature Enables Location Stalking

Ali Nemati · 7 hours ago · 39 sec read · 9 views

The article discusses how an attacker can exploit Zomato's API to gather sensitive information about users through their phone numbers and mutual connections. By scraping data from the app, one can obtain details such as restaurant preferences, specific dish orders, prices, and even geographical coordinates of dining locations. The author demonstrates that by analyzing overlapping delivery radii and order frequencies, it is possible to infer a user's approximate location with reasonable accuracy. This method raises privacy concerns since Zomato treats this information as part of social features rather than sensitive data, potentially leading to mass data leaks if exploited on a larger scale.

Read the full article at InfoSec Write-ups - Medium

