Security News

Data of Nearly 5 Million DoorDash Users, Dashers, Merchants is Breached

Food delivery service DoorDash has confirmed that around 4.9 million consumers, Dashers, and merchants have had their data compromised.

In early September the company became aware of unusual activity by a third-party service provider and launched an investigation, engaging the services of external security experts to assess what happened. From this, it was determined the third party had accessed some DoorDash user data on May 4 this year.

DoorDash said in a statement that "users who joined after April 5, 2018 are not affected ... and the data accessed includes names, email addresses, delivery addresses, phone numbers and hashed, salted passwords."

Some consumers had the last four digits of their payment cards exposed, but not the full card number or CVV. Similarly, some Dashers and merchants had the last four digits of their bank account number exposed but not the full account information. Around 100,000 Dashers had their driver’s license numbers accessed.

In the wake of the breach, DoorDash has beefed up its online security, including adding additional protective security layers around its data and improving security protocols that govern access to its systems. The company also recommends that everyone affected should reset their passwords to one that is unique to DoorDash.

. . .

If you want to stay notified of vulnerabilities that affect you, register for a weekly security report customised to your stack.

Receive alerts for vulnerabilities, zero-days, security news and more

Try our FREE 14-day trial. See an example email

Example email for SecAlerts