Delivery startup Dunzo has suffered a data breach that leaked phone numbers and email addresses of its users, the company’s chief technology officer (CTO) Mukund Jha announced earlier today. Jha’s post says that the servers “of a third party" Dunzo works with were compromised, and it allowed the attackers to get “unauthorized access" and breach the company’s database.
No payment information, like credit or debit cards etc. has been compromised, according to Jha. The company also sent emails to its users informing them about the data breach, stating that it has secured its databases, rotated access tokens and changed all passwords. The email doesn’t tell users to change their passwords, but that’s likely because Dunzo uses phone numbers and one time passwords for logins.
Dunzo also hasn’t revealed when the hack actually occurred or how long the database was left exposed. It’s unclear whether the attackers got access to its entire database or how many users were exposed. We have written to Dunzo for a clarification. This story will be updated to reflect their response.
Cyber attacks and data breaches have increased since the pandemic drove people indoors, spurring companies to bolster cybersecurity. However, security firms have still been warning about new attacks that try to take advantage of the pandemic, by spreading fake emails to users and trying to compromise their devices.
The Dunzo breach though seems to have happened on the server end, so it may not fully be in the company’s control.