Hyperlocal delivery startup Dunzo has revealed that it has suffered a security breach that involved unauthorized access to one of its databases. The database that was compromised contained user phone numbers and email address information. Dunzo has said that it has launched an internal investigation into the same but hasn’t yet disclosed details on how many users’ data has been compromised.
While it says that it doesn’t have all the information yet, investigation so far suggests that the servers of a third party that Dunzo works with have been compromised, which allowed the hacker to get unauthorized access and breach Dunzo’s database.
Dunzo claims that no payment information like credit card numbers was compromised as it does not store this data on its servers.
Dunzo has said that its tech team is investigating the breach and meanwhile, it has taken action to plug the security gap and added additional layers of security protocols to ensure that data is protected.
Listing the security measures taken by the company, Dunzo has said that it has secured its database and data stores from network and access standpoint, and has rotated all the access tokens and updated all passwords as a precautionary measure.
It has also tightened its infrastructure security and closed all the vulnerable ports, reviewed and updated all access privileges to its system and its infrastructure.
Dunzo says that it has also reviewed all the third-party plugins and integrations and enhanced its logging and tracing even further across various services to monitor and get alerted about any suspicious activity.
“We know that when you use Dunzo, you trust us with your information. We are committed to earning that trust from you, every single day on every single order. While our best teams are working on resolving and strengthening our security efforts, we’re also engaged with leading cybersecurity firms and experts to further strengthen our efforts,” Mukund Jha, chief technology officer of Dunzo said.
“We believe that all necessary steps have been taken to resolve the security breach and will keep you updated if we know more,” he added.
Dunzo has also asked customers to reach out to datasec@dunzo.in if they have any additional questions.