Dunzo is one of India’s most popular hyper-local delivery apps, funded by Google. Recently, a cybersecurity incident happened, phone numbers and email addresses of users are in danger.
The hackers gained access through servers of a third party that Dunzo works with. However, payment info credentials i.e the credit card details are not compromised. Users’ passwords are also safe since Dunzo uses OTPs. However, it is not clear whether the attackers gained access to all users’ data or only some of Dunzo users.
Dunzo clarified that users’ credit card details are not in its server; hence it is safe. The company has sent notification to customers regarding the breaching activity. Users who receive the notification should change their password immediately.
Although Dunzo did not reveal the vendor ‘s identity (the information of third parties), there is a possibility that the provider in question did not deal specifically with Dunzo. This means other apps customer accounts may well have been hacked.
Dunzo and Third Parties
While concerns emerge as to why Dunzo allowed third-party provider access to user private information, it is important to remember that leaked data-email addresses and phone numbers are user records that don’t change regularly. You can use this data to phish attacks over voice, text, and email.
Most businesses are avoiding security vulnerabilities and violations of privacy. However, Dunzo admitted the vulnerability and assumed full responsibility for the accident surrounding the data loss.
When the news comes out, some users have attempted to sign in to their Dunzo account to update their telephone number, email addresses. Some have tried to uninstall their account permanently from the network, but the deletion of the account is not working yet for some unexplained reason.
Sharing this cybersecurity breach information with users only after a thorough investigation, Dunzo said it has engaged leading cybersecurity firms to strengthen its security framework.