DoorDash, a popular food delivery company, said in a recent blog post that roughly 4.9 million customers, delivery workers, and restaurants had sensitive information stolen by hackers. The company blamed the breach on an unnamed “third-party service provider,” and offered no reason why it took them almost five months to detect it.
DoorDash said the data breach happened on May 4, 2019, but customers who joined after April 5, 2018 were not affected by the breach. Users who joined the platform before April 5, 2018 may have had their name, email, delivery address, order history, phone numbers, and encrypted passwords stolen. DoorDash is reaching out directly to notify everyone affected, so be sure to keep an eye on your inbox.
Some customers affected by the breach may have also had the last four digits of their payment card numbers stolen. Full credit card numbers and card verification values (CVV) were not taken. The company also said that some of its delivery workers (known as “Dashers”) and merchants had the last four digits of their bank account numbers taken. Around 100,000 Dashers had their driver’s license information taken in the breach.
Although DoorDash is reaching out directly to anyone affected by this data breach, they’re also encouraging users to reset their passwords. This can be done by visiting https://www.doordash.com/accounts/password/reset/ and using the email address associated with your DoorDash account.
For further information, you can read the company’s entire blog post, or call the 24/7 support center at 855–646–4683.