DoorDash Breach Hits 4.9 Million Users, Including Delivery Drivers | News & Opinion

665701 doordash breach - DoorDash Breach Hits 4.9 Million Users, Including Delivery Drivers | News & Opinion

The food delivery service DoorDash is reporting a data breach involving the personal information of 4.9 million users, including its delivery drivers.

The exposed data involves names, email addresses, delivery addresses, phone numbers, and hashed passwords to user accounts. For some consumers, the last four digits of their payment cards were also exposed.

“However, full credit card information such as full payment card numbers or a CVV was not accessed,” the company said in a Thursday blog post. “The information accessed is not sufficient to make fraudulent charges on your payment card.”

Still, perhaps the most sensitive data accessed in the breach was the driver’s license numbers for 100,000 delivery workers with DoorDash, which could put them at risk of identity theft. Some workers and merchants also had the last four digits of their bank account numbers exposed.

However, not every DoorDash user was ensnared in the hack. “Users who joined after April 5, 2018 are not affected,” the company said. In addition, a portion of users who signed up on or before April 5 had no data taken in the breach.

DoorDash said it first noticed the problem earlier this month when it became “aware of unusual activity” involving an unnamed third-party service provider.

“We were subsequently able to determine that an unauthorized third party accessed some DoorDash user data on May 4, 2019,” the company added. “We took immediate steps to block further access by the unauthorized third party and to enhance security across our platform. We are reaching out directly to affected users.”

The password data taken from the breach was hashed and salted, meaning the credentials were effectively scrambled, making them indecipherable to human eyes. What hashing algorithm was used is unclear. For now, DoorDash is encouraging all affected users to reset their passwords using this link, but the change doesn’t appear to be mandatory.

Although DoorDash is emphasizing the stolen data isn’t enough for the culprits to make fraudulent credit card charges, victims should still be on watch for any unusual activity on their financial accounts. It’s also a good idea to use unique passwords across different internet services in the event hackers and other fraudsters can unscramble old password data lifted from previous breaches. Another tip is to be careful around phishing emails. It’s possible the DoorDash hacker could strike victims by trying to send scam messages to their email inboxes.

Source link

Leave a Reply

Your email address will not be published. Required fields are marked *

Captcha loading...

Compare Products