As the investigation unfolds in the data breach at Dunzo, a hyperlocal delivery startup, it has been revealed that personal information of around 3.5 lakh users have been made breached. Security researcher Troy Hunt has informed that at least 3,465,259 accounts have been affected due to this data breach. Besides, the updated blog post by Dunzo's CTO Mukund Jha said that users' last known location and date, phone type were also compromised.
Moreover, the number of accounts impacted is nearly seven times higher than last October's estimate of monthly transacting users. As a part of their voluntary disclosure, the company had said that only emails and phone numbers of the users were compromised.
What is the issue?
Earlier this month, Dunzo had reported that their data has been compromised. The company launched an internal investigation into the matter. The company had said that the hacker gained unauthorized entry into one of its databases. It further claimed that third party servers with which Dunzo works were compromised and access was gained to its database but the company refused to reveal the name of the vendor whose data was breached.
However, the company had further said that no payment information including credit card details and passwords were compromised in this breach. As per a report in Medianama, It's uncertain how many Dunzo users were informed of the hack before the contents were public, and whether the company decided to wait for the attack data to be made public before warning users about the nature of the leaked information and how many users were affected.
In an updated post today the CTO further said, "The breach included information, like last known location, phone type, last login dates." Although the post does not say that the addresses of the users were also revealed Tory hunt, the security researcher argued that it is likely that even the addresses have also been exposed.