Dunzo suffers data breach; users' phone numbers, email IDs exposed

Google-backed delivery services startup says clients' payment information was not compromised.

Dunzo, the Google-backed delivery services startup, said on Saturday it had identified a security breach in a database that exposed phone numbers and email addresses of its users.
 

A server belonging to a third party partner of the company was compromised, said Mukund Jha, chief technology officer at the Bengaluru-based startup, in a blog post. "No payment information like credit card numbers was compromised as we do not store this data on our servers," said Jha.
 

The company said it has taken "swift action" to plug the security gap and added additional layers of security protocols to ensure that user data is safeguarded. Dunzo did not advise the users to change passwords, presumably because the app operates through one-time password (OTP) system.
 

Review of all the access tokens, of passwords and, third-party plugins and integrations were listed as few steps the company had taken to as precautionary measures. "We’ve always taken safety very seriously and we’re sorry that this happened. Our team is doing everything we can to ensure we make this right," Jha said.
 

Dunzo, however, did not reveal the number of accounts exposed or the third-party partner whose server whose was affected.
 

Cyberattacks, data leaks and breaches have increased since the coronavirus pandemic spread across the world. US-based cyber intelligence firm Cyble earlier reported a ransomware attack on Indiabulls Group had hackers threatening to leak critical data owned by the group’s companies such as account transaction details, vouchers, letters sent to bank managers.