Dunzo, Elyments apps suffer cyber attack

Dunzo, Elyments apps suffer cyber attack

Last weekend, two popular Indian apps Dunzo and Elyments revealed that they suffered a major cyber attack.

Dunzo, Google-backed product delivery service company said that it noticed a security breach that involved unauthorized access to one of their databases, which happened to contain its users' phone number and email IDs. 

But, thankfully, payment information like debit/credit card number details of the consumers, was not compromised, as Dunzo stored them in other more secured servers.

Taking cognisance of the security breach, Bengaluru-based startup said it has fixed all the vulnerabilities and added extra layers of security protocols to prevent cyber attacks in the future.

Also, the company has managed to secure all its database and data stores from the network and access standpoint.

Furthermore, it has reviewed all third-party pluggins and integration. The company has also enhanced its logging and tracing even further across various services to monitor and get alerted about any suspicious activity.

Dunzo app on Apple App Store (screen-grab)

Additionally, it has rotated all the access tokens and updated all passwords as a precautionary measure.

"We know that when you use Dunzo, you trust us with your information. We are committed to earning that trust from you, every single day on every single order. While our best teams are working on resolving and strengthening our security efforts, we’re also engaged with leading cybersecurity firms and experts to further strengthen our efforts. We believe that all necessary steps have been taken to resolve the security breach and will keep you updated if we know more." Mukund Jha, chief technology officer, Dunzo said.

Elyments suffers coordinated cyber attack
Its been barely two weeks since Elyments social media app made its debut on app stores. Within the hours after going live online, it received a tremendous response from mobile users and the app registered 1 million downloads on day one (July 5) and breached 2 million on day four and reached the number one trending app status on both Apple App Store and Google Play.

Elyments socia media app website (screen-grab)

In the initial days, the app faced outage as the server couldn't handle the OTP (One-Time-Password) requests for users' registration, but it was finally fixed in two days.
However, the company also noticed a malicious campaign to block the app functioning with signs of Distributed Denial of Service (DDoS)-style cyber attack. 

"Almost immediately after launch, there was a  phenomenal amount of malicious traffic. In fact, within 4 hours of launch, there was a coordinated attack with the intention of forcibly bringing down our systems. This ended up severely hampering user experience and the failed OTPs," Elyments said.

"It took us two days to bounce back, but now we have 57k reviews with a rating of 4.5. In the past three days, OTPs have been going through, people are chatting, calling, posting... in fact 1M+ people have been using the app each day," the company added.

It is widely reported that this might be a handiwork of hackers with origins in Pakistan and China, but there is no official word neither from the government nor Elyments.

Stay tuned. Get the latest news on new launches, gadget reviews, apps, cyber security, and more on personal technology only on DH Tech.

Get a round-up of the day's top stories in your inbox

Check out all newsletters

Get a round-up of the day's top stories in your inbox