Dunzo, the Google-backed delivery services and products startup, said on Saturday it had identified a security breach in a database that exposed phone numbers and email addresses of its users.
A server belonging to a third party partner of the company used to be compromised, said Mukund Jha, chief technology officer at the Bengaluru-based startup, in a blog post. “No payment information like credit card numbers used to be compromised as we don’t store this data on our servers,” said Jha.
The company said it has taken “swift action” to plug the security hole and added extra layers of security protocols to make sure that user data is safeguarded. Dunzo did not advise the users to change passwords, presumably because the app operates through one-time password (OTP) system.
Review of all of the access tokens, of passwords and, third-party plugins and integrations were listed as few steps the company had taken to as precautionary measures. “We’ve at all times taken safety very seriously and we’re sorry that this happened. Our team is doing everything we will to verify we make this correct,” Jha said.
Dunzo, then again, did not reveal the number of accounts exposed or the third-party partner whose server whose used to be affected.
Cyberattacks, data leaks and breaches have increased since the coronavirus pandemic spread across the world. US-based cyber intelligence firm Cyble earlier reported a ransomware attack on Indiabulls Group had hackers threatening to leak critical data owned by the group’s companies such as account transaction details, vouchers, letters sent to bank managers.