Here's what Dunzo is doing after data of its 3.5mln users leaked

Dunzo, earlier this month, reported a massive breach in its servers. At the time, the delivery service provider had said that the phone numbers and email address information had been compromised in the breach emphasising on the fact that no payment information had been leaked. Now, Dunzo has shared more information about the hack.

The company says that upon investigation, the company found out that in addition to phone numbers and email addresses, Personally Identifiable Information (PII) data of its users, which includes their last known location, phone type and last login dates were also compromised in the breach.

In addition to that, Dunzo said that the affected database also contained advertising-related attributes including a few specific PII — device info, last known IP address, and advertising id.

“As confirmed earlier, payment information like credit cards are not stored on Dunzo servers and hence are not at risk. Additionally, no users' home addresses were compromised during this data breach either,” Dunzo said in a post on Medium.

Notably, Dunzo hasn't shared the exact information as to how many users were affected in the breach. However, Have I Been Pawned reports that 3,465,259 user accounts have been compromised in the breach that took place last year in June and was reported earlier this month.

Dunzo had taken several steps on knowing about the breach earlier this month. This includes securing all its databases, rotating all the access tokens and updating all passwords, tightening infrastructure security and closing all the vulnerable ports, enabling firewall and threat intelligence tools and reviewing all the third-party plugins and integrations among other things. Now, the company is reaching out to the affected users more proactively. “With the recent second wave of conversations around this breach, we are proactively re-sending communication to users as some may have missed the security update,” the company added.