Food-tech company Zomato might be searing in the still-smoking embers of last week's security breach, but the company is walking the tough corporate tightrope of transparency by expounding on how the unidentified ethical hacker breached its infrastructure to access a part of the company's database.

In a company blogpost signed off by the founder himself, Zomato traces the breach back to November 2015, when 000webhost's user database was leaked online. Free website hosting service 000webhost had suffered a data breach in October 2015 and 13 million user passwords were leaked.

'One of our developers had his personal hosting account with the service,' Deepinder Goyal stated in the blog. 'As a result, his email address and password - which was the same combination on GitHub as well - also became available publicly,' he added.

At the time, two-factor authentication was not yet being used on GitHub.

'The hacker was then able to log into his GitHub account and review one of the code repositories to which the developer had access,' the blog further states.

Why data that had been available to the hacker for years was exploited only recently is anybody's guess.

However, getting a part of the code did not give the hacker direct access to the database.

'Our systems are only accessible for a specific set of IP addresses. But the hacker was able to exploit a vulnerability in the code to access the database,' Goyal writes in the blogpost.

'That piece of code was a part of a deprecated system, and had not been modified for a few years now,' he added.

Goyal admits that it is a risk for someone to have access to some of its code, but is quick to add that the online food aggregator is making sure that 'the code cannot be exploited in any way possible to breach Zomato’s infrastructure and that, the leaked code is getting more and more out-of-date with every passing day'.

Curiously enough, contrary to expectations, Zomato claims that the company has noticed a slight spike in its traffic since the incident. 'We are thankful and extremely lucky to have a brand which people love and are willing to forgive for even some very big mistakes,' it stated in the blogpost.

Zomato claims that its use of multiple environments, each segregating and containing a part of the business, ensured that the security breach was limited to only one part of its database. 'The hacker did not gain access to all the various databases used by different businesses,' the blog stated.

The company had also rolled out two-factor authentication on GitHub a few months ago. According to the blog, this cut off the hacker’s access to the developer’s GitHub account for updated code. 'The hacker was working off an old code base, limiting the extent of data the hacker could access,' it added.

The blog further stated that its network restrictions ensured that its servers were not compromised, protecting its payment processing systems, which run in a separate environment.

Last week, Zomato had reported that it had suffered a security breach with over 17 million user records stolen - including email addresses and hashed passwords - from the food-tech company's database.

After listing these data points on a dark web marketplace, the hacker had reportedly taken the listing down and destroyed the stolen data after reaching a compromise with Zomato whereby the food-tech company will launch a bug bounty program on HackerOne.