India’s standard hyperlocal transport platform Dunzo‘s database with users’ phone numbers and electronic mail addresses used to be reportedly breached by an unidentified attacker.
In a welcome proactive circulation, Dunzo CTO Mukund Jha himself made the news of this attack public.
In a blogpost, Jha wrote: “No longer too long in the past, our personnel known a security breach that involved unauthorized ranking entry to to 1 among our databases. While we’re nonetheless investigating, we deem it is our accountability to describe you as rapidly as that that it is possible you’ll take into accounts. We’ve continually taken safety very severely and we’re sorry that this happened. Our personnel is doing all the pieces we can to invent sure we invent this correct.”
As rapidly as we grew to vary into attentive to the breach, we launched an inner investigation to search out out what happened, he added.
- Swiggy pivots for unique record as all-reason transport firm
- Amazon to launch meals transport carrier to judge on Zomato, Swiggy
- Is it going to be Ambani vs Amazon?
What the attacker accessed?
Per Dunzo, the servers of a third ranking together that the firm works with had been compromised. This allowed the attacker to ranking unauthorized ranking entry to and breach Dunzo’s database.
This database did private particular person phone numbers and electronic mail addresses. But Dunzo says: “No fee files admire bank card numbers used to be compromised as we halt no longer store this knowledge on our servers.”
In an electronic mail sent to possibilities notifying them of the breach, Dunzo has no longer suggested to them to change passwords. Dunzo, despite all the pieces, makes exercise of OTP-essentially based login system on signal-up and attributable to this reality doesn’t exercise or store any particular person passwords.
Even supposing it is no longer sure how many possibilities could were impacted by the attack, Dunzo acknowledged that it has “addressed and resolved the difficulty for all its users.”
The firm acknowledged it has secured all its database and files stores from network and ranking entry to standpoint. “Tightened infrastructure security and closed the total inclined ports and reviewed the total third-ranking together plugins and integrations,” it added.
The Google deal
The 5-one year-mature startup is a essential participant in hyperlocal transport carrier, and delivers groceries, perishables, pet affords, prescription treatment and meals from restaurants. Within the lockdown period, its products and companies had been highly sought after in the cities it operates.
It is operational in Bengaluru, Delhi, Gurugram, Pune, Chennai, Jaipur, Mumbai and Hyderabad.
Google had invested a minority stake in the challenge in 2017, when it led a $12 million funding round. Many analysts had acknowledged this used to be Google’s advance coming into the ‘going down’ Indian transport location in a low-key manner.
The tie-up enables Google to exercise Dunzo’s transport products and companies, whereas Dunzo will get ranking entry to to bigger than 67 million Indians who exercise Google’s Pay app.
Rather than Google, varied traders who private chipped in Dunzo embrace: Lightbox Ventures, STIC Investment, STIC Ventures and 3L Capital.