Dunzo CTO Mukund Jha wrote in a blog post that initial results of an internal investigation suggest that servers of a third party that Dunzo works with were compromised, and that these contained phone numbers and email addresses of Dunzo users.
“No payment information like credit card numbers was compromised as we do not store this data on our servers,” Jha said.
The concierge services app, which counts Google among its investors, has recently seen increased adoption of its delivery services post Covid-19.
The startup didn’t reveal details of the third-party service provider in question or when the breach had occurred.
A spokesperson for Dunzo clarified that the app has an OTP-based login system and hence does not store any passwords on its servers. So there is no breach of user passwords, the spokesperson said.
“We’ve always taken safety very seriously and we’re sorry that this happened. Our team is doing everything we can to ensure we make this right,” Jha noted.
Dunzo added that it has taken “all necessary steps” to resolve the security breach including securing databases, tightening infrastructure security, updating passwords and access tokens as a precautionary measure, and closing all vulnerable access ports, among others.
Dunzo also urged users to write to them directly at email@example.com for any queries.
While a few Dunzo users took to social media to share snapshots of emails from the startup about the breach, Dunzo has not yet recommended that users change their passwords, as per the communication.
Niranjan Patil, a cybersecurity professional who shared one such communication on Twitter, noted that it was “refreshing to see an upfront and detailed note from an Indian business on a data breach.”
He also commended Dunzo for notifying users.
Rahul Tyagi, a cybersecurity professional and co-founder of Lucideus, said third-party data breaches are one of the topmost concerns for organizations after human-related data breaches, with leakage of users’ personal information like email, username, mobile number etc. becoming very common.