- The organization became aware of the incident earlier this month and immediately launched an investigation.
- The breach occurred due to unauthorized third-party access.
DoorDash, a food delivery platform, has again come under fire for a major data breach that occurred on May 4, 2019. The firm has released a notification about the breach that impacted approximately 4.9 million customers, workers, and merchants.
As per DoorDash’s breach notification, the organization became aware of the incident earlier this month and immediately launched an investigation.
The breach occurred due to unauthorized third-party access. During the investigation, it was found that the potential hackers had gained access to some DoorDash user data on May 4, 2019.
Who is affected?
Consumers, Dashers, and merchants who joined the platform on or before April 5, 2018, are affected in the breach. However, the users who joined after the date are not affected.
What data is involved?
The type of user data accessed could include:
- Profile information like names, email addresses, delivery addresses, order history, phone numbers, as well as hashed & salted passwords. For some customers, the last four digits of their payment cards were also compromised. However, full credit card information such as card numbers or CVV was not accessed.
- The last four digits for some Dashers and merchants were also affected.
- For approximately, 100,000 Dashers, their driver’s license numbers were also accessed.
What steps have been taken?
DoorDash has confirmed to have taken additional steps to secure users’ data. This includes adding protective layers around the data, improving security protocols that govern access to the company’s systems. It has also hired experts to increase its ability to identify and repel future threats.
What users should do?
The firm has urged its customers to change the passwords in order to prevent access to their accounts.
Recap of the previous breach
In 2018, the food delivery platform had suffered the brunt after multiple customers complained about a possible hack of their accounts. The customers had reported that their accounts were hacked and orders were placed by an unknown third-party.
In most cases, the hackers had changed users’ email addresses, thereby preventing users from accessing their accounts. However, DoorDash rejected the claims and told that they did not find any evidence which suggested that a data breach had occurred.