Dunzo's breach of etiquette

Why read this story?

Editor's note: On 10 July, Mukund Jha disclosed that Dunzo had experienced a data breach. In his Medium post, the chief technology officer of the Bengaluru-based hyperlocal delivery app stressed that users’ payment information remained safe, since such information wasn’t on the affected servers. That’s because credit card, bank account and sensitive financial data is typically stored by payment processors (banks, payment gateways and fintech companies). The breach, he added, only involved numbers and email addresses. The leak itself was traced to the servers of a third party Dunzo works with. “This allowed the attacker to get unauthorized access and breach our database,” Jha wrote, as if to imply that (a) information stored locally with Dunzo is safer, and (b) Dunzo isn’t responsible for security lapses by the third parties it shares our data with. You already know about this leak if you’ve used Dunzo. If not, an alert by Have I Been Pwned? or Firefox Monitor—both services that inform you when your data is breached—then you probably received an email from Dunzo, or read about it in the newspaper. Then, at …