The popular on-demand food delivery service has announced that it has suffered a data breach. The San Francisco-based company said that 4.9 million people were affected by the breach.
Announcing the cybersecurity incident in a blog post, the company clarified that not every customer was affected by the breach. Among those who were affected by the breach were the consumers, customers, and merchants who joined the platform on or before April 5, 2018. Those users who joined after April 5, 2018, were not affected by the breach.
DoorDash’s investigation into the matter found that an unauthorized third party had accessed some user data on May 4, 2019. The company has taken measures to block further access by the unauthorized third party.
What was accessed?
The breach accessed profile information of the users including their names, email addresses, order history, delivery addresses, phone numbers and even hashed passwords. The last four digits of consumer payment cards were also accessed. The company said that around 100,000 customers’ driver’s license numbers were also accessed.
DoorDash is currently reaching out to the affected users and asking them to reset their passwords.