DoorDash says 4.9 million users, merchants, and Dashers affected by security breach

Sep 26 2019, 9:31 pm

DoorDash says 4.9 million users, merchants, and Dashers were affected by a security breach that occurred earlier this month.

The food delivery app says “an unauthorized third party accessed some DoorDash user data on May 4, 2019,” which resulted in almost 5 million app users’ information being left vulnerable.

DoorDash released a statement on September 26 regarding the hack and listed the kind of information that could have been accessed.

This included the following:

  • Profile information including names, email addresses, delivery addresses, order history, phone numbers, as well as hashed, salted passwords — a form of rendering the actual password indecipherable to third parties.
  • The last four digits of consumer payment cards (not full credit card information like full payment card numbers or a CVV).
  • The last four digits of some Dashers and merchants’ bank account number (not full bank account information).
  • For approximately 100,000 Dashers, their driver’s license numbers were also accessed.

The DoorDash team reiterated that the information accessed was “not sufficient to make fraudulent charges” on cards, and the same goes for withdrawals from Dashers and merchants’ bank accounts.

DoorDash has reached out directly to affected users with specific information about what was accessed.

That email asks DoorDash users to change their passwords but does not specify exactly what information has been accessed from those customers.

The email says information that “could” have been accessed includes names, email addresses, delivery addresses, order history, phone numbers, as well as hashed, salted passwords.

DoorDash says it has taken steps to secure its data, including “adding additional protective security layers around the data, improving security protocols that govern access to our systems, and bringing in outside expertise to increase our ability to identify and repel threats.”

The company has set up a  dedicated call center available 24/7, if you have questions regarding the data breach or the security of your account you can call 855–646–4683.