Experts re Dunzo food delivery svc. breach

In response to news that the India-based, Google-backed food delivery service Dunzo suffered a data breach, cybersecurity experts offer perspective.

Subscribe
Notify of
guest
1 Expert Comment
Newest
Oldest Most Voted
Inline Feedbacks
View all comments
Laurence Pitt
Laurence Pitt , Global Security Strategy Director
InfoSec Expert
July 15, 2020 12:25 pm

While Dunzo correctly reported the breach, to say that it’s not serious because no credit card information was stolen is downplaying the situation. Stolen credit cards can be canceled and payments are usually covered by the card company. However, the email addresses and telephone numbers in a delivery system are likely to be current for the users, as they use it to validate deliveries. That makes the stolen data more valuable in the short-term because people will not want to change their number or get a new email address.

Many people use 2FA with their mobile phone to recover passwords against email addresses. Dunzo should be instructing people to watch for password reset requests, or 2FA codes on their phones, as these could indicate someone is attempting to use the stolen data to gain access to other sites/applications.

Today, there’s no such thing as a breach where ‘no major damage is done’.

Last edited 2 years ago by Laurence Pitt
1
0
Would love your thoughts, please comment.x
()
x