DoorDash data breach exposes nearly 5 million accounts
Door Dash said it suffered a data breach in May that affected 4.9 million accounts, it said in a blog post. Customers, merchants and workers who use the platform were all potentially affected.
Information revealed included users’ names, emails, delivery addresses and passwords that had been “hashed,” or concealed through encryption, by the company. Some customers had the last four digits of their credit card numbers revealed, while some workers and merchants had the last four digits of their bank account numbers revealed. The hack also revealed the driver’s license numbers of about 100,000 delivery workers.
The hack affects users who joined the platform on or before April 5, 2018, according to DoorDash.
The hacked information is not sufficient to place fraudulent orders, the company said. It advised users to change their passwords, although it said it did not believe hackers were able to read any of the hashed passwords.
DoorDash said it had cut off access to the breached information and improved security systems, including “adding additional protective security layers around the data, improving security protocols that govern access to our systems, and bringing in outside expertise to increase our ability to identify and repel threats.”
The company is notifying the 4.9 million affected users individually, according to the announcement.