Dunzo, one of India's most popular hyper-local delivery apps (funded by Google) said its user phone numbers and email addresses were breached in a #cybersecurity incident.
Here's what we know 👇
Here's what we know 👇
1. Attackers compromised servers of a third party that Dunzo works with, and accessed the Dunzo database through them.
2. Payment info (credit cards etc) was not compromised
3. Passwords were not compromised because Dunzo uses OTPs
What we don't know 👇
2. Payment info (credit cards etc) was not compromised
3. Passwords were not compromised because Dunzo uses OTPs
What we don't know 👇
1. We don't know if email addresses of all users have been compromised, or only some.
2. Who the vendor is. Dunzo hasn't disclosed the name.
There remains a risk (if the vendor wasn't working exclusively with Dunzo) that other databases could have been compromised.
+
2. Who the vendor is. Dunzo hasn't disclosed the name.
There remains a risk (if the vendor wasn't working exclusively with Dunzo) that other databases could have been compromised.
+
3. How was Dunzo giving access to a database with emails & phone numbers to a vendor.
IMPORTANTLY
1. It's not that this data cannot be useful for hackers. Email addresses and phone numbers are data that users do not change.
+
IMPORTANTLY
1. It's not that this data cannot be useful for hackers. Email addresses and phone numbers are data that users do not change.
+
This data can be used for phishing attacks over voice, text & email.
2. This is a responsible disclosure from Dunzo, & should be acknowledged. Many many co's do not disclose breaches.
QUESTION
What else could Dunzo have done? If you think they've done enough here, let me know
2. This is a responsible disclosure from Dunzo, & should be acknowledged. Many many co's do not disclose breaches.
QUESTION
What else could Dunzo have done? If you think they've done enough here, let me know
Do read @Aditi_muses 's story here medianama.com/2020/07/223-du…
