DoorDash Acknowledges Data Breach Hitting Almost 5 Million Users
DoorDash, the on-demand food delivery service, is the latest to reveal it has been a victim of a data breach. The company announced via a blog on its site that a data breach, impacting roughly 4.9 million users had been detected earlier in the month of September 2019, involving a third party service provider. The unauthorized access took place on May 4, 2019 and potentially impacts users – both consumers and merchants – who joined the platform on or before April 5, 2018.
In the DoorDash statement the company stresses that not all users are impacted and affected users will be contacted directly by the company.
The company asserts that once the breach was detected an investigation was launched leveraging external security experts and steps were immediately take to block any further unauthorized access. According to a statement from DoorDash, “We have taken a number of additional steps to further secure your data, which include adding additional protective security layers around the data, improving security protocols that govern access to our systems, and bringing in outside expertise to increase our ability to identify and repel threats.”
According to the company statement, the type of user data accessed could include:
Profile information including names, email addresses, delivery addresses, order history, phone numbers, as well as hashed, salted passwords — a form of rendering the actual password indecipherable to third parties.
For some consumers, the last four digits of consumer payment cards. However, full credit card information such as full payment card numbers or a CVV was not accessed. The information accessed is not sufficient to make fraudulent charges on your payment card.
For some Dashers and merchants, the last four digits of their bank account number. However, full bank account information was not accessed. The information accessed is not sufficient to make fraudulent withdrawals from your bank account.
For approximately 100,000 Dashers, their driver’s license numbers were also accessed.
The company is directing concerned consumers to its website for further information and a dedicated call center is available 24/7 for support at 855–646–4683.