Hyperlocal Delivery App Dunzo Hit By Large Data Breach

Bengaluru-based delivery startup Dunzo said it suffered a massive data breach where personal information of users was compromised.

The data that was compromised includes email IDs, phone numbers, last known location, phone type and login dates, Dunzo’s Chief Technical Officer Mukund Jha said in a blogpost today. “No payment information like credit card numbers was compromised as we don’t store this data on our servers.”

Jha wrote that their internal investigation suggests that servers of a third party that Dunzo works with were compromised. “This allowed the attacker to get unauthorised access and breach our database.”

According to security researcher Troy Hunt’s Have I Been Pwned website—that tracks data breaches across the internet—the breach happened around June 2019 last year. Data of up to 3.5 million unique email addresses were all broadly distributed online through a hacking forum.

The hyperlocal delivery app is still investigating the breach and has tightened security measures around their servers. Further, the technical team is working with two external cybersecurity firms to tackle the situation and to avoid any sort of security threats in the future. “While our tech team continues to investigate, we have taken swift action to plug the security gap and added additional layers of security protocols to ensure that your data is protected,” the company said.

“To the best of our knowledge, we believe that all necessary steps have been taken to resolve the security breach and will keep you updated if we know more,” Jha said.