DoorDash servers were attacked and the attackers managed to get ahold of personal information of around 4.9 million accounts. This includes both customers and merchants, as well as Dashers, the delivery personnel of the food delivery service.
The unauthorized access was recorded on May 4, 2019 and the company received the information earlier in September.
The customer infomation accessed includes names, email addresses, delivery addresses, order history, phone numbers and encypted passwords. According to the post, no full credit card information was stolen, although some last four digits might have been accessed.
Dashers had also their driver's license numbers accessed.
DoorDash said that it will contact all affected users directly, and let them know what information of theirs was accessed. They've suggested everyone change their passwords nonetheless. The company has put in efforts to ensure better security practices in the future.
Read the DoorDash blog post here.
Written by: Matti Robinson @ 27 Sep 2019 13:21