4.9 million users’ affected by DoorDash security breach

Security / Tech

The company says not every user was affected by the security breach, but a good chunk of them have been. DoorDash says users who joined after April 5, 2018, are not affected

DoorDash is a popular online delivery service which millions of people use on a daily basis. DoorDash works with hundreds of restaurants providing the service for them and customers do not mind paying the additional fees. The company also works with grocery stores which makes the DoorDash service great for seniors who may not be able to make it to the store.

But now, the company is finding itself wrapped up in a security breach that has affected 4.9 million users’. The company says not every user was affected by the security breach, but a good chunk of them have been. DoorDash says users who joined after April 5, 2018, are not affected by the security breach but everyone before that date is.

Here’s what DoorDash had to say about the security breach and what data might be included in the breach:

Earlier this month, we became aware of unusual activity involving a third-party service provider. We immediately launched an investigation and outside security experts were engaged to assess what occurred. We were subsequently able to determine that an unauthorized third party accessed some DoorDash user data on May 4, 2019. We took immediate steps to block further access by the unauthorized third party and to enhance security across our platform. We are reaching out directly to affected users.

We have taken a number of additional steps to further secure your data, which include adding additional protective security layers around the data, improving security protocols that govern access to our systems, and bringing in outside expertise to increase our ability to identify and repel threats.

DoorDash
  • Profile information including names, email addresses, delivery addresses, order history, phone numbers, as well as hashed, salted passwords — a form of rendering the actual password indecipherable to third parties.
  • For some consumers, the last four digits of consumer payment cards. However, full credit card information such as full payment card numbers or a CVV was not accessed. The information accessed is not sufficient to make fraudulent charges on your payment card.
  • For some Dashers and merchants, the last four digits of their bank account number. However, full bank account information was not accessed. The information accessed is not sufficient to make fraudulent withdrawals from your bank account.
  • For approximately 100,000 Dashers, their driver’s license numbers were also accessed.
Dashlane DoorDash security breach
Change your password.

DoorDash is reaching out to the specific customers that were affected, they also don’t believe that passwords were affected but suggest all users should change their passwords.

What do you think of this security breach? Are you a DoorDash user? Let us know in the comments below or on Twitter, or Facebook. You can also comment on our MeWe page by joining the MeWe social network.

  Source: DoorDashBlog

Last Updated on

Comments
To Top