DoorDash confirmed it suffered a data breach affecting roughly 4.9 million delivery people and merchants.
In a blog post on Thursday, DoorDash said it noticed unusual activity from a third-party service provider earlier in September. After investigating the activity, it found an unauthorized third party was able to access DoorDash user data on May 4, 2019. DoorDash said it took immediate steps to block further access and improve security.
The people affected joined DoorDash on or before April 5, 2018 — people who joined after that date weren't affected, according to the blog post. The company said it will be notifying those who were.
The breach involved data such as names, email addresses, delivery addresses, order history, phone numbers and encrypted versions of passwords. In some instances, the last four digits of payment cards and bank account numbers were accessed. According to the blog post, full payment card and bank account information weren't compromised. The driver's license numbers of about 100,000 delivery people were also accessed.
In response to the breach, DoorDash said it has added more security layers to protect people's data and improved the security protocols required to gain access to this data.
DoorDash encouraged people to change their passwords, even if they weren't affected but were still concerned about the safety of their accounts.
- DoorDash suffered a data breach that affected 4.9 million people
- What to do if you're affected by the Marriott data breach
- City of Medford Reports Data Breach in Online Billing System
- Facebook could face billion dollar fine for data breaches
- Facebook Says 50M User Accounts Affected by Security Breach
- Oregon DHS reveals data breach of more than 350,000 clients' data
- Immigration court backlog exceeds 1 million cases, data group says
- Millions of Americans Affected by Damaging Noise Levels
- Ore. Worker Stored Data Of 36,000 People On Private Account
- Equifax exposed 150 million Americans' personal data. Now it will pay up to $700 million