Dunzo Hacked! Personal Details Of 35 lakh Dunzo Users Leaked; Now What?
How Did This Happen?
Prior to this, Dunzo, the delivery service provider has reported a massive data breach in its servers.
Further, giving more information about the breach, the company said that the phone numbers and email address information had been compromised in the breach.
The delivery service provider emphasized that no payment information had been leaked in the data breach.
But now, the company has shared more information about the hack.
According to Dunzo, the leaked information now been uploaded on haveibeenpwned.com which is a website used by security researchers to help the public find whether their data had been breached or not.
So far, 3,465,259 accounts of Dunzo user’s details have been uploaded on this website.
Which Information Got Compromised?
After investigations, the company reached the conclusion that apart from phone numbers and email addresses, Personally Identifiable Information (PII) data of its users, which includes their last known location, phone type and last login dates were also compromised in the breach.
On top of this, Dunzo also informed that the compromised database also contained advertising-related attributes which include a few specific PII device info, last known IP address, and advertising id.
What Did Dunzo Say?
In a post on Medium, Dunzo said, “as confirmed earlier, payment information like credit cards are not stored on Dunzo servers and hence are not at risk. Additionally, no users’ home addresses were compromised during this data breach either,”.
Please note here that still Dunzo hasn’t shared the exact information about the number of users who were affected by this data breach.
Although, Have I Been Pawned reports reveal that 3,465,259 user accounts have been compromised in the breach that took place last year during June, which has been reported earlier this month.
After knowing about the breach, Dunzo had taken several steps.
This primarily includes securing all its databases, rotating all the access tokens, updating all passwords, closing all the vulnerable ports, tightening infrastructure security, enabling firewall and threat intelligence tools, reviewing all the third-party plugins and integrations among other things.
Apart from that, now, the company is reaching out to the affected users more proactively.
Dunzo said, “With the recent second wave of conversations around this breach, we are proactively re-sending communication to users as some may have missed the security update,”.