Google funded delivery service Dunzo hacked; 11GB worth of data leaked

The exact date of Dunzo data breach is unclear however its database was leaked last week.

A Google-sponsored hyperlocal delivery service startup Dunzo has confirmed to have suffered a data breach affecting one of its databases containing customer records.

It is worth noting that Dunzo acknowledged the data breach last week. However, this article includes additional details including a screenshot that shows what was stolen and leaked by the hacker.

The scope of the data breach is yet not determined as Dunzo didn’t reveal the number of affected users. However, the company announced that financial data, including credit card numbers, weren’t exposed.

Hackread.com, on the other hand, can exclusively confirm that the stolen Dunzo database has now been leaked on an infamous hacker forum by ShinyHunter who was behind Tokopedia, Minted, and Bhinneka breach.

The leaked database contains 11.2 GB worth of data including more than 8 million lines with information like:

Username
Country
Device
Full names
Secret key
Email addresses
Password hashes 
Phone numbers
Token number
Date of joining 
First/last location, etc.

Here’s a preview of the leaked data:

Dunzo offers pick-up and delivery services in eight Indian cities, including Chennai, Delhi, Bengaluru, Mumbai, Jaipur, Gurugam, Pune, and Hyderabad. The company delivers all kinds of items, from medicines to food and groceries.  

After probing the issue, Dunzo released an official statement explaining that a third-party service associated with the company was initially compromised, leading to the breach of their security measures and compromising the database. The third-party service was responsible for storing Dunzo’s customer data.

According to the company’s CTO Mukund Jha, their tech team promptly addressed the issue to patch the security flaw and added new “layers of security protocols.” All the vulnerable ports are now closed, and infrastructure security is amplified.

Dunzo has enhanced its logging and tracing mechanism as well to timely receive alerts regarding any suspicious activity. Jha further stated that they are collaborating with the best cybersecurity experts and firms to strengthen their security infrastructure.

Our teams are additionally working with two external leading cybersecurity firms to further strengthen all our security practices. This will help ensure that in the future, there is no thread of any unauthorized access to our data, Jha said in a blog post.

Nevertheless, this is not the time when the delivery service in India has been targeted by hackers. Previously, Hackread.com exclusively reported on how Zomato was hacked and 17 million customers’ accounts were sold on the dark web.

Did you enjoy reading this article? Do like our page on Facebook and follow us on Twitter.