Delivery Start-up Dunzo Suffers Data Breach, Users’ Numbers Leaked
No payment information like credit card details and passwords were compromised as Dunzo uses OTPs.
Indian hyperlocal delivery service Dunzo has been hit by a data breach that has exposed the phone numbers and email IDs of its users, as reported by The Next Web (TNW).
The Google-backed platform provides pickup and delivery service in over seven cities in India. The service allows you to have a package picked from any location and be delivered to you at your doorstep.
As per a company statement, the hacker gained unauthorised entry into one of its databases. It is not clear yet how many accounts have been compromised.
Recently, our team identified a security breach that involved unauthorized access to one of our databases. While we are still investigating, we believe it is our responsibility to inform you as soon as possible.Dunzo in a statement to TNW
As per Nikhil Pahwa, founder of MediaNama, the attackers compromised the servers of a third-party that Dunzo works with and gained access to the database.
No payment information like credit card details and passwords were compromised as Dunzo uses OTP.
Dunzo has not disclosed the name of the vendor through whom the breach has happened and there still remains a risk of other databases being compromised.
Pahwa also added that the phone numbers and email database can be used to carry out phishing attacks over voice, text and email.
As a security measure, Dunzo has now changed the access tokens and passwords to prevent any further data breach and has also secured all of its databases.
(The Quint is available on Telegram. For handpicked stories every day, subscribe to us on Telegram)
Subscribe To Our Daily Newsletter And Get News Delivered Straight To Your Inbox.