What you need to know
- DoorDash suffered a major server breach in May 2019.
- Almost 5 million users had their data accessed.
- Only accounts created before April 5, 2018, were affected.
In a recent blog post, Android and iOS food delivery app DoorDash has confirmed that almost 5 million of its users have been affected by a data breach in its servers.
The post claims that DoorDash was notified earlier in September about unusual activity involving one of its third-party service providers. Upon investigation, it was confirmed that an unauthorized third party accessed DoorDash user data on May 4, 2019. There are roughly 4.9 million affected accounts, including not just customers but Dashers and merchants as well. Users who joined the service after April 5, 2018, have not been affected by the breach.
According to DoorDash, data accessed includes names, email addresses, delivery addresses, order history, phone numbers and password which would be indecipherable to anyone accessing the information. Some consumers may have had the last four digits of their consumer payment cards accessed, however, the full card number and CVVs were not accessed. DoorDash was keen to point out that the information accessed was not sufficient to allow someone to make fraudulent purchases on your card.
Likewise, some Dashers and merchants had the last four digits of their bank account numbers viewed. But again, DoorDash was adamant this would not be sufficient to make any withdrawals. Around 100,000 Dashers also have their driver's license number accessed.
This is obviously a monumental breach for DoorDash. In response, it claims to have taken a number of steps to ensure the security of its data going forward. Any affected users will be contacted directly by DoorDash which will advise what specific information of theirs was accessed. In the meantime, all users have been encouraged to change their DoorDash passwords.
