- The food delivery startup received complaints from dozens of customers, who claimed that their accounts were hacked.
- DoorDash denied having suffered a breach, instead suggesting that users’ accounts may have been hit by a credential stuffing attack.
The food delivery startup DoorDash reportedly received complaints from dozens of customers, who claimed that their accounts were hacked. Users complained that attackers somehow managed to gain unauthorized access to their DoorDash accounts and used them to fraudulently order food.
In many cases, the hackers reportedly changed users’ email addresses to prevent them from accessing their accounts. DoorDash customers even took to Reddit and Twitter to report about the breach. On social media, many customers complained about not having received any response from DoorDash.
TechCrunch reported that four DoorDash customers, who reported about their accounts having been hacked, had reused their passwords on other sites. However, six customers told TechCrunch that their DoorDash account passwords were unique.
DoorDash denies breach
Despite the multiple customer complaints, DoorDash denied having suffered a breach, instead suggesting that users’ accounts may have been hit by a credential stuffing attack. The food delivery firm said that none of its servers were breached.
“We do not have any information to suggest that DoorDash has suffered a data breach,” DoorDash spokesperson Becky Sosnov told TechCrunch. “To the contrary, based on the information available to us, including internal investigations, we have determined that the fraudulent activity reported by consumers resulted from credential stuffing.”