Estimated reading time: 2 minutes, 35 seconds

DoorDash announced last Thursday that they were the victims of a data breach which occurred on May 4, 2019. The food delivery business, whose competition includes Grub Hub and Uber Eats, stated in a blog post that over 4.9 million people were affected by the breach. Those affected include customers, merchants, and workers who signed up for the app prior to April 5, 2018. The company states that at this point they do not have any evidence that those who signed up after the April 5th date were compromised.

DoorDash first became aware of the incident after being notified of potential shady activity from third party provider. While, the provider was not named in the post – DoorDash quickly launched an investigation.

According to DoorDash the hackers stole profile information such as names, email addresses, and phone numbers along with the last four digits of credit cards. In the post DoorDash assured customers that the stolen data was not enough to make fraudulent charges as the payment card numbers and CVV numbers were not retrieved.  

Merchants faired a bit better (or worse) depending on how you look at it. Hackers stole the last four digits of merchants’ bank account numbers but again not enough information was pilfered to make withdrawals.

Finally, for “Dashers” or delivery drivers the last four digits of their bank accounts along with their driver license numbers were accessed in the breach.

The blog post stated that DoorDash takes this matter seriously and are taking the necessary steps to secure users data. They plan on doing this by “…adding additional protective security layers around the data, improving security protocols that govern access to our systems, and bringing in outside expertise to increase our ability to identify and repel threats.”

This isn’t the first time that DoorDash was put on the hot seat over stolen data. About a year ago several customers complained that their credentials were stolen which resulted in various fraudulent charges to their account. In an email to Tech Crunch, the delivery app denied any wrong-doings Spokeswoman for DoorDash Becky Sosnov told TechCrunch, “We do not have any information to suggest that DoorDash has suffered a data breach.”

DoorDash is in the process of notifying those who have been affected. The organization reiterates that hackers did not access enough information to make fraudulent charges. Regardless, the company encourages users to change their password on their website, https://www.doordash.com/accounts/password/reset/ .

DoorDash joins the likes of Yahoo (twice!), Capital One, Equifax, and Marriott who have all succumbed to similar fates in the last few years. Data loss prevention continues to be a hot topic as the pressure mounts on businesses to ensure that their consumer data is protected from potential threats.

If you opened a DoorDash account prior to April 5, 2018 it’s important that you change your password. While the DoorDash claims that the hackers did not steal enough information to make fraudulent charges – it’s important that you carefully monitor your activity.

For more information or if you have questions, DoorDash has set up a 24/7 call center that can be reached at 855–646–4683.

Last modified on Tuesday, 01 October 2019
Read 920 times
Rate this item
(0 votes)
Tagged under
Danielle Loughnane

Danielle Loughnane earned her B.F.A. in Creative Writing from Emerson College and has currently been working in the data science field since 2015. She is the author of a comic book entitled, “The Superhighs” and wrote a blog from 2011-2015 about working in the restaurant industry called, "Sir I Think You've Had Too Much.” In her spare time she likes reading graphic novels and snuggling with her dogs.

Visit other PMG Sites:

Template Settings

Color

For each color, the params below will give default values
Tomato Green Blue Cyan Dark_Red Dark_Blue

Body

Background Color
Text Color

Header

Background Color

Footer

Select menu
Google Font
Body Font-size
Body Font-family
Direction
PMG360 is committed to protecting the privacy of the personal data we collect from our subscribers/agents/customers/exhibitors and sponsors. On May 25th, the European's GDPR policy will be enforced. Nothing is changing about your current settings or how your information is processed, however, we have made a few changes. We have updated our Privacy Policy and Cookie Policy to make it easier for you to understand what information we collect, how and why we collect it.
Ok Decline