Indian delivery service Dunzo has reported that that company has identified a data breach impacting one of its customer databases. The company revealed that the hackers gained unauthorized access to the database that contained the phone numbers and email addresses of its users.
(This post is updated on July 29th, 2020)
After about three weeks of the announcement of a data breach, the company has updated about findings of its internal investigation to the breach.
In the updated Medium post, the company’s CTO Mukund Jha notes that the Personally Identifiable Information (PII) datat of users that includes device info, last known IP address, and advertising id.
It also notes that the users’ home addresses were not compromised during this data breach.
The company did not reveal the exact number of user data exposed but it noted that the saved payment information of users including credit card numbers was not impacted by the data breach.
To get rid of any misuse of user data the company has rotated all its access tokens and updated all passwords.
“Our investigation so far suggests that the servers of a third party we work with were compromised, leading to bypassing of our security measures and a breach of our database,” a Dunzo spokesperson told Gadgets 360.
The company has not revealed which third-party servers got compromised but Mukund Jha, Dunzo CTO published a post on Medium to reveal the data breach development in which he mentioned that his team took “swift action” to patch the security loophole and “added additional layers of security protocols” to address the issue.
“While our best teams are working on resolving and strengthening our security efforts, we’re also engaged with leading cybersecurity firms and experts to further strengthen our efforts,” Jha said.
Dunzo also offers online delivery service for multiple services including food, groceries, and medicines from nearby shops in eight cities across India, namely Bengaluru, Chennai, Delhi, Gurugram, Hyderabad, Jaipur, Mumbai, and Pune.