Google-backed delivery services start-up Dunzo has disclosed that one of its customer databases suffered a data breach. The data breach exposed phone numbers and email addresses of users. Dunzo did not disclose the exact number of users affected by the data breach. The company stated that no payment information, like credit card numbers, was compromised as this data is not stored on servers.
"Recently, our team identified a security breach that involved unauthorized access to one of our databases. While we are still investigating, we believe it is our responsibility to inform you as soon as possible. We've always taken safety very seriously and we're sorry that this happened. Our team is doing everything we can to ensure we make this right," Dunzo's CTO Mukund Jha said in a blog post on Medium.
In his statement, Jha said that servers of a third party were compromised, which allowed the attacker to get unauthorised access and breach Dunzo's database. Listing the steps taken to contain the damage, he said that all database and data stores from network and access standpoint were promptly secured. The company also rotated all the access tokens and updated all passwords as a precautionary measure.
Jha further stated that infrastructure security has been tightened and all the vulnerable ports were closed. All access privileges to the platform's system and infrastructure were reviewed and updated, as well as all the third-party plug-ins and integrations were reassessed.
Logging and tracing were enhanced even further across various services to monitor and get alerts about any suspicious activity, Jha said.
"While our best teams are working on resolving and strengthening our security efforts, we're also engaged with leading cybersecurity firms and experts to further strengthen our efforts," Jha further said.