Doordash is the latest tech company to suffer a major data breach. The company has announced that an unauthorized third party was able to gain access to Doordash user data on May 9, 2019, in a breach that affected a hefty 4.9 million users, delivery drivers, and merchants. According to the company, users who joined after April 5, 2018, were not affected by the breach.
“We take the security of our community very seriously. Earlier this [year], we became aware of unusual activity involving a third-party service provider,” said the company in a blog post. “We immediately launched an investigation and outside security experts were engaged to assess what occurred.”
The unauthorized party was able to access quite a bit of information too. According to the company, breached information included names, email addresses, physical addresses, phone numbers, and hashed and salted passwords. These passwords were encrypted in a way that essentially makes them useless to third parties.
Even some financial information was accessed — though nothing that should be of use to the hackers. Financial information accessed includes the last four digits of credit cards, though full credit card numbers weren’t accessed. When it comes to merchants and deliver drivers, the last four digits of bank accounts were accessed — though again, not full numbers. License numbers for 100,000 deliver drivers was also accessed.
It’s a pretty massive breach, not just because of the number of users affected, but also because of the kind of information that was accessed. Sure, financial information was limited, but the fact that physical addresses were accessed is pretty scary — especially for those that value their privacy.
Doordash says that it has taken appropriate steps to secure any other data, including “adding additional protective security layers around the data, improving security protocols that govern access to our systems, and bringing in outside expertise to increase our ability to identify and repel threats.”
According to the company, if you were one of the affected users, you’ll receive an email detailing the information that was accessed. The company also says that while passwords were not compromised, users wary about their information should still change their passwords to one that is unique to Doordash.