Profile picture
, 6 tweets, 2 min read
My Authors
Read all threads
Dunzo, one of India's most popular hyper-local delivery apps (funded by Google) said its user phone numbers and email addresses were breached in a #cybersecurity incident.

Here's what we know 👇
1. Attackers compromised servers of a third party that Dunzo works with, and accessed the Dunzo database through them.

2. Payment info (credit cards etc) was not compromised

3. Passwords were not compromised because Dunzo uses OTPs

What we don't know 👇
1. We don't know if email addresses of all users have been compromised, or only some.

2. Who the vendor is. Dunzo hasn't disclosed the name.

There remains a risk (if the vendor wasn't working exclusively with Dunzo) that other databases could have been compromised.

+
3. How was Dunzo giving access to a database with emails & phone numbers to a vendor.

IMPORTANTLY

1. It's not that this data cannot be useful for hackers. Email addresses and phone numbers are data that users do not change.

+
This data can be used for phishing attacks over voice, text & email.

2. This is a responsible disclosure from Dunzo, & should be acknowledged. Many many co's do not disclose breaches.

QUESTION

What else could Dunzo have done? If you think they've done enough here, let me know
Do read @Aditi_muses 's story here medianama.com/2020/07/223-du…
Missing some Tweet in this thread? You can try to force a refresh.

Keep Current with Nikhil Pahwa

Profile picture

Stay in touch and get notified when new unrolls are available from this author!

Read all threads

This Thread may be Removed Anytime!

Twitter may remove this content at anytime, convert it as a PDF, save and print for later use!

Try unrolling a thread yourself!

how to unroll video

1) Follow Thread Reader App on Twitter so you can easily mention us!

2) Go to a Twitter thread (series of Tweets by the same owner) and mention us with a keyword "unroll" @threadreaderapp unroll

You can practice here first or read more on our help page!

Related hashtags

#cybersecurity

More from @nixxin see all

Profile picture
Nikhil Pahwa
@nixxin
India has banned 59 Chinese apps. The list is below.

Thread with my comments on this follows 👇 (1/6)
1. This is the very first time, to my knowledge, that the Indian govt has actually ANNOUNCED a ban on apps under Section 69 of the IT Act. You know what's surprising? They don't NEED to announce it. Section 69 allows for secret govt blocking. (2/6)
Thus, this is a POLITICAL decision. It has been announced to send China a message. It should not be seen as anything but a political decision. No change in way these apps function over the past 3 months. If this is the right decision, why wasn't it taken a year ago? (3/6)
Read 12 tweets
Profile picture
Nikhil Pahwa
@nixxin
Thread: I attended an Zoom call (also live-streamed on FB) on Sunday, on invitation from BJP's Vinit Goenka, who has filed a case in the SC against Twitter.

Mr. Goenka called for Twitter to be declared a terrorist org. My story on this call: medianama.com/2020/06/223-vi… (1/n)
Not only did Mr. Goenka call for twitter to be declared a terrorist organisation, but also for charges of sedition to be filed against the company’s public policy officials, and cases and complaints to be filed against them across the country medianama.com/2020/06/223-vi… (2/n)
On the call were various other complainants. One has filed complaints with commissioners of Police in Mumbai and Pune, as well as the NIA. Others in their local police stations. One said he is in the process of filing a case in Gujarat HC medianama.com/2020/06/223-vi… (3/n)
Read 8 tweets
Profile picture
Nikhil Pahwa
@nixxin
The battle between Twitter and Trump is escalating, and this might not end well for the rest of us. Trump's executive order on social media achieves little, but it's more of a threat that it could change the way the Internet works.

#Thread 1/n

whitehouse.gov/presidential-a…
(2/n) Reason why we're can upload content on sites like YouTube,FB,Reddit,Twitter,every forum,all blogs (w comments) is because 230(c) of US Communications Decency Act provides safe harbor: platform/ISP is not liable for content that you and I create( but we are). +
(3/n) This is why Facebook allows you to post on Facebook. Blogs and Reddit allow you to comment. YouTube allows you to upload your videos. ISPs allow you to create your own site. Therefore, 230(c) (& India's IT Act Section 79) PROTECT the platforms that ENABLE our free speech.
Read 19 tweets

Embed code for your website

×
Follow Us on Twitter!

Did Thread Reader help you today?

Support us! We are indie developers!

This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3.00/month or $30.00/year) and get exclusive features!

Become Premium

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!