DoorDash has confirmed 4.9 million of their consumers, Dashers, and merchants were affected by a security breach that took place in May.
The food delivery service said the following in a post on their company blog:
“We take the security of our community very seriously. Earlier this month, we became aware of unusual activity involving a third-party service provider. We immediately launched an investigation and outside security experts were engaged to assess what occurred. We were subsequently able to determine that an unauthorized third party accessed some DoorDash user data on May 4, 2019. We took immediate steps to block further access by the unauthorized third party and to enhance security across our platform. We are reaching out directly to affected users.”
DoorDash said users that joined their service after April 5, 2018 were not affect by the breach. However, those who joined before that date may have had profile information accessed, including contact details, delivery addresses and order history. Full credit card information or bank account information wasn’t accessed, but the last four digits of those accounts may have been. CVV numbers were also not accessed during the breach. On top of that, nearly 100,000 Dashers had their driver’s license numbers accessed.
DoorDash will be reaching out to those who have been affected by the breach and advise users who may have been affected to reset their passwords immediately at DoorDash.com.