DoorDash Data Breach Affects Nearly 5 Million Customers
Food-delivery service DoorDash said Thursday that the personal data of 4.9 million customers, workers and merchants was compromised earlier this year through an unnamed third-party service provider. The leaked data may have included names, delivery addresses, phone numbers, order history and the last four digits of customers’ credit cards. Passwords were also compromised, though in an undecipherable form.
The breach happened on May 4, the company said, but added that customers who joined after April 5, 2018 are not affected by the breach. It’s not clear why it took almost five months for DoorDash to detect the breach.
This DoorDash data breach comes about a year after customers complained that their accounts had been hacked. The company at the time denied that a data breach had happened.
Who was affected and what data was accessed?
Not every user was affected. Approximately 4.9 million consumers, Dashers, and merchants who joined our platform on or before April 5, 2018, are affected. Users who joined after April 5, 2018 are not affected. The type of user data accessed could include:
- Profile information including names, email addresses, delivery addresses, order history, phone numbers, as well as hashed, salted passwords — a form of rendering the actual password indecipherable to third parties.
- For some consumers, the last four digits of consumer payment cards. However, full credit card information such as full payment card numbers or a CVV was not accessed. The information accessed is not sufficient to make fraudulent charges on your payment card.
- For some Dashers and merchants, the last four digits of their bank account number. However, full bank account information was not accessed. The information accessed is not sufficient to make fraudulent withdrawals from your bank account.
- For approximately 100,000 Dashers, their driver’s license numbers were also accessed.
Read more here.