Almost five months after the breach, DoorDash has revealed that 4.9 million user accounts were affected by unauthorised third-party access on May 4, 2019. According to the findings, several data of millions of users who joined Doordash on or before April 5, 2018, was accessed.
Primarily, private user data such as email addresses, names, delivery addresses, order history, phone numbers, and hashed, salted passwords were accessed during the breach.
The company also found that the last four digits of payment cards were also accessed in some cases, though the full numbers or the CVV wasn’t touched. In some other cases, the last four digits of the user’s bank account were also accessed.
The company maintains that none of this financial information will be enough for fraudulent withdrawals.
Other than that, approximately 100,000 driver license numbers of delivery partners were also accessed.
“Earlier this month, we became aware of unusual activity involving a third-party service provider. We immediately launched an investigation and outside security experts were engaged to assess what occurred. We were subsequently able to determine that an unauthorised third party accessed some DoorDash user data on May 4, 2019,” the company explained.
Doordash is currently in the process of reaching to the users that have been affected by the breach — which might take several days — and will be explaining the specifics about the information that was accessed.
“We took immediate steps to block further access by the unauthorised third party and to enhance security across our platform. We are reaching out directly to affected users.”
Although according to the company, users who registered after April 5, 2018, were not affected, it would be in the best interest of all the users to change their password. You can change your password via this link. Users can also reach out to the company via the dedicated 24/7 call centre number 855-646-4683.
Following the breach, DoorDash says they have added security layers to its platform to protect the data, improved their security protocols that give access to systems and has also hired outside help to identify and defend against such threats in the future.