DoorDash has announced a data breach that affects the personal information of approximately 4.9 million users, dashers and merchants. A security notice that DoorDash published stated that an unauthorized party was able to gain access to user data in May of 2019 that contained the data of users, Dashers, and merchants who joined the platform before April 5th, 2018. As of now, it is unclear as to how the data was accessed, but they did mention that an unusual amount of activity from a third-party service was noticed. DoorDash stated that the information accessed contained email addresses, delivery addresses, order history, phone numbers, and hashed and salted passwords. Some of the consumers, Dashers, and merchants had the last four digits of their credit cards or bank accounts exposed. For the affected consumers, the last digits of their credit cards were exposed but not the entire card number or the CVV. The information accessed is insufficient to make fraudulent charges. For the Dashers and merchants, the same statement was made. For over 100,000 dashers, their driver’s license number was also exposed.
Analyst Notes
While DoorDash states that plain text passwords were not revealed, It is highly recommended to change the password to a more complex password. It is also recommended for users, Dashers, and merchants alike to monitor their linked bank accounts and credit cards for malicious activity.
