On Thursday, DoorDash introduced in a blog post that an “unauthorized third party” had accessed consumer knowledge of roughly 4.9 million “consumers, Dashers, and merchants.” DoorDash stated names, e mail addresses, supply addresses, order histories, telephone numbers, and hashed, salted passwords all “could” have been accessed. But it’s not clear what, if something, might need been carried out with the information by the third celebration.
Some monetary info was additionally accessed. DoorDash stated that “for some consumers,” the final 4 digits of cost playing cards have been accessed, however full card numbers and CCV numbers weren’t. In addition, some couriers and retailers additionally had the final 4 digits of their checking account numbers accessed. Approximately 100,000 of the corporate’s supply employees had their driver’s licenses compromised as nicely.
DoorDash stated the information was accessed on May 4th, however the firm didn’t uncover the breach till someday after it started an investigation earlier this month of “unusual activity involving a third-party service provider.” The firm is informing clients affected by the breach now. The breach is believed to have primarily focused DoorDash customers who signed up earlier than April fifth, 2018, though the corporate recommends altering your password no matter whenever you signed up, “out of an abundance of caution.”
The breach comes a few yr after some DoorDash clients stated their accounts had been hacked, however DoorDash informed TechCrunch on the time that there had not been a knowledge breach. We’ve reached out to DoorDash for remark and can replace this text with something we hear.