Zomato disclosed on HackerOne: [█████████] Hardcoded credentials in...
Authorization credentials for one of our development environments were hard coded in our Android App. We changed it as soon as this was reported.
Thanks @gerben_javado for reporting this.
hackerone.com