Hyperlocal delivery platform Dunzo's database with users' phone numbers and email addresses was breached by an attacker, the company CTO Mukund Jha announced on Saturday. The attacker compromised the servers of a third party that the company works with through which the attacker unauthorised access to Dunzo's database. The company said that this database had no payment information such as credit card numbers "as we do not store this data on our servers". In its email sent to customers notifying them of the breach, the company has not recommended changing passwords. Those of us who use the service at MediaNama did not receive an email. In a statement to MediaNama, the company said that it has "addressed and resolved the issue" for all its users. Dunzo released this information after conducting an internal investigation. It said that it had engaged "leading cybersecurity firms" to strengthen its security efforts. Here are the Dunzo spokesperson's responses to our questions: MediaNama:Have users' passwords also been compromised? Dunzo: We have an OTP based login system on sign-up and hence we don't use or store any user passwords. MediaNama: What is the scale of the breach, that is, how many Dunzo users' email addresses and phone numbers were breached? Dunzo: We can confirm one database has been breached which had phone numbers and emails of our consumer base. However, we believe that all necessary steps have been taken to resolve the security breach and will keep you updated if we know more. MediaNama: Why haven't…
