Dunzo, an India-based on-demand delivery provider app that has seen large investments from Google on the back of its top-notch services, reported a limited data breach that compromised its customer database. However, the breach has now been resolved and Dunzo has beefed up its security.
Mukund Jha, CTO of Dunzo, on Saturday, informed that an unauthorized access to its database had taken place potentially through a third-party service provider, which led to customer information compromise.
Things we know so far…
- Threat actors initiated a breach through a third-party vendor of Dunzo
- The data breach was only limited to user databases
- User phone numbers and email addresses were compromised
- No loss of payment information like credit card details was reported as per initial investigations
As per Mukund’s statement, Dunzo has always prioritized users’ data security and privacy and thus felt obligated to inform them about the immediate security safeguards implemented by the company post the data breach reporting.
Safeguarding steps taken
- All networks and access points to Dunzo’s databases have been secured
- All access tokens and passwords have been changed and updated
- Security infrastructure has been upgraded and all potentially vulnerable ports are closed
- All access privileges to network and system infrastructure have been reviewed and upgraded
- All third-party plugins and integrations have been reviewed and upgraded
- Logging and tracing have been further enhanced to monitor any suspicious activity
Data breach incidences can be complex and organizations handling customer data need to be doubly sure that no backdoors are present in the databases that will affect them in the future. Thus, Mukund said, “While our best teams are working on resolving and strengthening our security efforts, we’re also engaged with leading cybersecurity firms and experts to further strengthen these efforts. We are taking all necessary steps to resolve the security breach and will keep you updated if we know more.”