DoorDash first became aware of the incident after being notified of potential shady activity from third party provider. While, the provider was not named in the post – DoorDash quickly launched an investigation.
According to DoorDash the hackers stole profile information such as names, email addresses, and phone numbers along with the last four digits of credit cards. In the post DoorDash assured customers that the stolen data was not enough to make fraudulent charges as the payment card numbers and CVV numbers were not retrieved.
Merchants faired a bit better (or worse) depending on how you look at it. Hackers stole the last four digits of merchants’ bank account numbers but again not enough information was pilfered to make withdrawals.
Finally, for “Dashers” or delivery drivers the last four digits of their bank accounts along with their driver license numbers were accessed in the breach.
The blog post stated that DoorDash takes this matter seriously and are taking the necessary steps to secure users data. They plan on doing this by “…adding additional protective security layers around the data, improving security protocols that govern access to our systems, and bringing in outside expertise to increase our ability to identify and repel threats.”
This isn’t the first time that DoorDash was put on the hot seat over stolen data. About a year ago several customers complained that their credentials were stolen which resulted in various fraudulent charges to their account. In an email to Tech Crunch, the delivery app denied any wrong-doings Spokeswoman for DoorDash Becky Sosnov told TechCrunch, “We do not have any information to suggest that DoorDash has suffered a data breach.”
DoorDash is in the process of notifying those who have been affected. The organization reiterates that hackers did not access enough information to make fraudulent charges. Regardless, the company encourages users to change their password on their website, https://www.doordash.com/accounts/password/reset/ .
DoorDash joins the likes of Yahoo (twice!), Capital One, Equifax, and Marriott who have all succumbed to similar fates in the last few years. Data loss prevention continues to be a hot topic as the pressure mounts on businesses to ensure that their consumer data is protected from potential threats.
If you opened a DoorDash account prior to April 5, 2018 it’s important that you change your password. While the DoorDash claims that the hackers did not steal enough information to make fraudulent charges – it’s important that you carefully monitor your activity.
For more information or if you have questions, DoorDash has set up a 24/7 call center that can be reached at 855–646–4683.