The food delivery company confirmed in a blog post that an unauthorised party had gained access to user data.
Approximately 4.9 million customers, merchants and Dashers who joined the platform on or before April 5, 2018 have been affected. Those who joined after are not affected.
The type of user data accessed included; names, email addresses, phone numbers, delivery address, hashed passwords. For some consumers, the accessed data included the last four digits of consumer payment cards. It should be noted that full credit card information, such card numbers or a CVV were not accessed.
For merchants and Dashers, the last four digits of their bank accounts were accessed, however full bank information was not obtained.
DoorDash added that for 100,000 Dashers, their driver’s license numbers were also accessed.
The company stated that the data was accessed on May 4th, however the company only became aware of the breach recently after an investigation had been conducted into “unusual activity involving a third-party service provider.”
The unauthorised access has now been blocked, and additionally protective security layers around the data has been enforced.
DoorDash does not think that passwords have been compromised, however the company has encouraged users to change them.
“We deeply regret the frustration and inconvenience that this may cause you. Every member of the DoorDash community is important to us, and we want to assure you that we value your security and privacy.
The post #Privacy: DoorDash announces data breach impacting 4.9 million customers appeared first on PrivSec Report.