Dunzo data breach contained personal information of over 3 million accounts

NEW DELHI: The Dunzo data breach, reported earlier this month, was bigger than earlier expected. Information leaked through the data breach has now been uploaded on haveibeenpwned.com, a website which is used by security researchers to help the public find whether their data had been part of any breaches. Through this upload, the website details 3,465,259 accounts of Dunzo users.

The total number of breached accounts wasn’t disclosed by Dunzo in its voluntary disclosure earlier. The company had said its investigation at the time showed phone numbers and email addresses had been leaked, but the haveibeenpwned filing shows more information was involved.

Dunzo has also updated its blog post about the breach today, adding that personally identifiable information (PII) other than email and phone numbers were included in the breach. The leaked information includes Device information, email addresses, geographic locations (last known location), IP addresses, names, phone numbers.