Google-backed delivery startup Dunzo revealed on Saturday, July 11, 2020, that it had suffered a data breach. The incident reportedly exposed users’ phone numbers and email addresses.
Dunzo is an online delivery platform that delivers food, groceries, medication, and pet supplies in select parts of India. According to Gadgets 360, the service caters to eight cities: Bengaluru, Chennai, Delhi, Gurugram, Hyderabad, Jaipur, Mumbai, and Pune.
Google holds a minority stake in the company, having led a $12-million funding round in 2017, notes Tech Radar. The partnership with Google gives Dunzo access to more than 67 million Indians who use the Google Pay app.
In a blog post, the startup’s chief technology officer, Mukund Jha, said the data breach occurred after a database from a third-party company was compromised. Jha said, “No payment information like credit card numbers was compromised as we do not store this data on our servers.”
Besides disclosing the incident, the Dunzo chief technology officer also issued an apology to the public, saying, “We’ve always taken safety very seriously and we’re sorry that this happened. Our team is doing everything we can to ensure we make this right.”
As of writing, the company says its investigation is still ongoing. The Google-backed delivery platform is working with cybersecurity firms following the data breach.
The firm’s internal investigation, however, showed that the compromised third-party server served as the jumping-off point for the attacker to gain unauthorized access and breach the company’s database.
Following the incident, the company has reportedly added security measures to ensure user data is protected. Likewise, Tech Radar states that the firm has secured its servers and data stores from the third-party provider.
It has also reviewed third-party plugins and integrations as part of its tightened security protocols.
Gadgets 360 reports that Dunzo has also put measures in place to secure its existing logging and tracking mechanisms. This would allow the company to monitor, and receive alerts on, suspicious and malicious activity on its servers.
According to Tech Radar, the delivery startup has notified users of the data breach. It has not, however, suggested that users change their passwords, as the current log-in system neither uses nor stores user passwords. Instead, it relies on a One-Time Password (OTP) approach.
Despite disclosing the incident and the cause of the breach, Gadgets 360 points out that Dunzo has failed to reveal who its third-party provider was.