scorecardresearch
Follow Us:
Wednesday, August 05, 2020

Personal data of 3.4 million Dunzo users exposed: Here’s what happened

Earlier in July, Dunzo confirmed a massive data breach in which personal data such as mobile number and email address of customers’ were exposed. Fresh updates on the beach are highlighted.

By: Tech Desk | New Delhi | Updated: July 30, 2020 3:02:45 pm
dunzo, dunzo data breach Dunzo breach explained: Personal data of 3.4 mn users affected in massive data breach

Earlier in July, Dunzo confirmed a massive data breach in which personal information of users such as mobile number and email address were exposed. Fresh updates on the beach are coming from Dunzo now. In an internal investigation, the delivery service provider discovered that information compromised contained additional Personally Identifiable Information (PII) data as well.

What kind of user data exposed?

Dunzo explained that affected information included details such as last known location, phone type, last login dates. The company further found that the database also contained advertising-related attributes including a few specific PII — device info, last known IP address, and advertising id. Earlier the company confirmed that phone numbers and email address of users were exposed.

Which data are safe?

Sticking to its past claims Dunzo has further clarified that payment information like credit cards are not stored on Dunzo servers and hence are not at risk. So, users must know that no financial or payment details have been affected by the breach.

What exactly happened?

The delivery service provider explained that the servers of a third party it works with were compromised and this allowed the attacker to get unauthorized access and breach into Dunzo’s database. The company also revealed that no users’ home addresses were compromised during this data breach.

How many users are affected?

Dunzo is yet to reveal the number of user data that have been exposed in the breach but according to haveibeenpwned website, 3,465,259 user accounts have been breached.

Safety measures are taken by Dunzo

Dunzo is taking all the required steps so such incidents don’t happen again, the company said. In the blogpost, Dunzo noted, “We are ensuring your data’s security is our top priority and that every user is informed and aware. With the recent second wave of conversations around this breach, we are proactively re-sending communication to users as some may have missed the security update.”

Some of the safety measures Dunzo is taking are as follows:

* Secured all database and data stores from network and access standpoint

* Rotated all the access tokens and updated all passwords as a precautionary measure

* Tightened infrastructure security and closed all the vulnerable ports

* Reviewed and updated all access privileges to the system and infrastructure

* Enabled Firewall and Threat intelligence tool for even better monitoring

* Reviewed all the third-party plugins and integrations

* Enhanced logging and tracing even further across various services to monitor and get alerted about any suspicious activity.

📣 The Indian Express is now on Telegram. Click here to join our channel (@indianexpress) and stay updated with the latest headlines

For all the latest Technology News, download Indian Express App.

Advertisement
Advertisement
Advertisement
Advertisement