The popular food delivery company DoorDash has revealed it is the latest firm to experience a data breach. Here’s everything we know so far:
- The breach happened on May 4, 2019, when an unauthorized third party accessed some DoorDash user data. However, DoorDash only discovered the breach earlier this month.
- Approximately 4.9 million consumers, DoorDash delivery workers, and merchants who joined the platform on or before April 5, 2018, are affected.
- Users who joined DoorDash after April 5, 2018, are not affected.
- Profile information including names, email addresses, delivery addresses, order history, and phone numbers were accessed in the breach.
- Passwords were also accessed in the breach, however, they were salted and hashed, which in theory makes them unreadable.
- Some but not all of the DoorDash customers affected had the last four digits of consumer payment cards accessed. However, DoorDash says “full credit card information, such as full payment card numbers or a CVV, was not accessed.”
- Likewise, some but not all of DoorDash delivery workers and merchants had the last four digits of their bank account number breached. Again, here DoorDash says “full bank account information was not accessed.”
- Unfortunately, for about 100,000 DoorDash delivery workers, their driver’s license numbers were also accessed.
DoorDash says it’s reaching out to all users who had their account information breached. As a precaution, the company is also encouraging all of those affected to reset their passwords. DoorDash has also set up a dedicated call center available 24/7 for support at 855–646–4683.