Skip to main content

DoorDash hit with major data breach

(Image credit: Image Credit: Balefire / Shutterstock)

A food delivery company with millions of customers has had its data breached (opens in new tab), and sensitive information like names, physical addresses and phone numbers was leaked.

The news was confirmed by the company itself – DoorDash. Announcing the breach in a blog post earlier this week, DoorDash confirmed that 4.9 million customers, delivery workers and merchants have had their data compromised. The breach (opens in new tab)occurred on May 4, the company said, adding that whoever joined before April 5 2018 were affected.

It laid the blame on an unnamed third-party service provider. “We immediately launched an investigation and outside security experts were engaged to assess what occurred,” said DoorDash spokesperson Mattie Magdovitz.

But it’s not just names, physical addresses and phone numbers that were leaked. Order history was taken, hashed and salted passwords, but also the last four digits of the customers’ payment cards.

The last four digits of delivery workers’ and merchants’ bank accounts were taken, as well as some 100,000 delivery workers’ driver license information.

Full numbers, as well as card verification values (CVV) were not taken.

DoorDash said it added extra layers of security to keep its customers’ data safe, and improved security protocols necessary to gain access to this data.

Almost exactly a year ago, DoorDash customers claimed their accounts were hacked, Tech Crunch reminds. At the time, the company denied the data breach, and said the attackers were actually involved in credential stuffing.

Sead Fadilpašić
Sead Fadilpašić

Sead Fadilpašić is a freelance tech writer and journalist with more than 17 years experience writing technology-focussed news, blogs, whitepapers, reviews, and ebooks. And his work has featured in online media outlets from all over the world, including Al Jazeera Balkans (where he was a Multimedia Journalist), Crypto News, TechRadar Pro, and IT Pro Portal, where he has written news and features for over five years. Sead's experience also includes writing for inbound marketing, where he creates technology-based content for clients from London to Singapore. Sead is a HubSpot-certified content creator.