Google backed delivery services startup Dunzo
recently has faced database breach that exposed phone numbers and email addresses
of app users. The exact number of customers affected are not declared. Company also emphasized that no payment information including credit card details were exposed due to the breach.
On an email distributed to its users, Dunzo confirmed the security breach and stated that they had launched and internal investigation for it.
“Our investigation so far suggests that the servers of a third party we work with was compromised. This allowed the attacker to get unauthorised access and breach our database.”
– Dunzo wrote in the email.
Company also pointed out immediate measure taken by them:
- Secured all our database and data stores from the network and access standpoint.
- Rotated all the access tokens and updated all passwords as a precautionary measure.
- Tightened infrastructure security and closed all the vulnerable ports.
- Reviewed and updated all access privileged to our system and infrastructure.
- Reviewed all the third-party plugins and integrations.
Enhanced our logging and tracking even further across various services to monitor and get alerted about any suspicious activity.
“We believe that all necessary steps have been taken to resolve the security breach and will keep you updated if we know more” – CTO and Co-Founder, Mukund Jha.
The email doesn’t tell users to change their password since the app uses a mobile number and OTP for signing in.
Dunzo is an Indian company that provides delivery services in Bengaluru, Delhi, Gurugram, Pune, Chennai, Jaipur, Mumbai and Hyderabad.