New Delhi: In a massive data breach, 3,465,259 user accounts of Dunzo have been compromised, according to haveibeenpwned website.
In an internal investigation, the consumer security website and email alert system discovered that information compromised contained additional Personally Identifiable Information (PII) data as well, according to a report in The Indian Express.
Affected information included details such as last-known location, phone type, last login dates.
The company further found that the database also contained advertising-related attributes including a few specific PII — device information, last-known IP address and advertising ID.
Earlier, the company confirmed that phone numbers and email address of users were exposed.
The servers of a third party it works with were compromised and this allowed the attacker to get unauthorized access and breach Dunzo’s database. However, users’ home addresses weren’t compromised.
In the blogpost, Dunzo noted: “We are ensuring your data’s security is our top priority and that every user is informed and aware. With the recent second wave of conversations around this breach, we are proactively re-sending communication to users as some may have missed the security update.”
According to the report, Dunzo has adopted following safety measures:
* Secured all database and data stores from network and access standpoint
* Rotated all the access tokens and updated all passwords as a precautionary measure
* Tightened infrastructure security and closed all the vulnerable ports
* Reviewed and updated all access privileges to the system and infrastructure
* Enabled Firewall and Threat intelligence tool for even better monitoring
* Reviewed all the third-party plugins and integrations
* Enhanced logging and tracing even further across various services to monitor and get alerted about any suspicious activity.
