DoorDash Data Breach Hits 5 Million User Accounts

On Thursday, food-delivery service DoorDash joined the string of data breach victims of recent years, confirming in a blog post a massive data breach that affected 4.9 million users, including customers, workers, and merchants. The breach, initially reported by TechCrunch, exposed information such as names, email addresses, delivery addresses, order histories, phone numbers, and passwords.

Hauntingly enough, the last four digits of some consumers’ credit card and bank account numbers were also accessed, but DoorDash has indicated that the information isn’t enough to make a fraudulent purchase. We will see about that.

The company added that approximately 100,000 of its company drivers had their driver’s license numbers accessed. Again, too early to speak on the potentially damaging effects of this.

Earlier this month, the food-delivery company said it became aware of “suspicious activity” with a third-party service provider. After an investigation, the company said it discovered another breach occurred in early May.

Who Is Affected?

The data itself was compromised on May 4.

The massive breach affected users who joined the platform on or before April 5, 2018, according to the company. Users who joined after April 5, 2018 were not affected.

What Was Affected?

According to the company’s blog post, the type of user data accessed could include:

  1. Profile information including names, email addresses, delivery addresses, order history, phone numbers, as well as hashed, salted passwords — a form of rendering the actual password indecipherable to third parties.
  2. For some consumers, the last four digits of consumer payment cards. However, full credit card information such as full payment card numbers or a CVV was not accessed. The information accessed is not sufficient to make fraudulent charges on your payment card.
  3. For some Dashers and merchants, the last four digits of their bank account number. However, full bank account information was not accessed. The information accessed is not sufficient to make fraudulent withdrawals from your bank account.
  4. For approximately 100,000 Dashers, their driver’s license numbers were also accessed.

Why Is This Breach Different From This Year’s Previous Breaches?

While data breaches have become somewhat commonplace as business moves increasingly online, DoorDash’s may differ in that about 100,000 “dashers,” the independent contractors who perform the company’s delivery services, may have had their driver’s license numbers leaked.

What Has the Company Done?

The company stated in its blog post that “[it] ha[s] taken a number of additional steps to further secure your data, which include adding additional protective security layers around the data, improving security protocols that govern access to our systems, and bringing in outside expertise to increase our ability to identify and repel threats.”

“We immediately launched an investigation, and outside security experts were engaged to assess what occurred,” Mattie Magdovitz, the company’s senior communications manager, said in an email.

DoorDash said it blocked the unauthorized user’s access, added additional protective security layers around the data, improved security protocols that govern access to systems, and brought in outside expertise.

The company is currently in the process of notifying those affected as quickly as possible and will continue to reach out over the coming days.

However, the means by which the company has reached out isn’t sitting so well with some users.

What Can You Do?

CHANGE YOUR PASSWORDS. How? We got you.

You can change your DoorDash password by visiting https://www.doordash.com/accounts/password/reset/ and using the email address associated with your DoorDash account.

The company said it doesn’t think passwords were compromised but that it encourages users to change them just in case. Again, as we’ve seen from these breaches, trusting what these companies “think” was and was not compromised doesn’t matter; just change your passwords, people.

For further information, DoorDash has also set up a dedicated call center available 24/7 for support at 855–646–4683.

While the company has indicated that its investigation is ongoing, this breach is only the latest legal challenge for DoorDash. In July, the company said it would change its controversial tipping policy after significant outcry from workers and advocacy groups, handing over the full tip to delivery workers. Previously, tips were used to help fund the minimum payment guaranteed to the driver.

This breach follows recent breaches such as MoviePass, Capital One, Facebook, and Equifax.

Andrew "Drew" Rossow is an award-winning journalist and former News Editor at Grit Daily. Joining in 2019, he was instrumental in Grit Daily's "year two" and in Grit Daily House, the alt-SXSW activation that Fast Company described as bringing "SXSW back to its roots." He is a nominal co-founder at Grit Daily.