DoorDash confirmed data breach

DoorDash, a food delivery company, has said in their blog post breach notification on Sep. 27, 2019, that around 4.9 million customers, dashers (delivery workers), and merchants personal data got exposed in a security breach.

As per the breach notification of DoorDash, the organization learned about this incident on Sep. 2019. Once they came to know about the incident, Mattie Magdovitz, the DoorDash spokesperson, said that "we immediately launched an investigation and outside security experts were engaged to assess what occurred".

It was determined that this data breach has occurred because of unauthorized third-party access to some user data of DoorDash. The data breach takes place on May 4 of this year (i.e. 2019), said the company, but added that the customers who joined the food delivery platform after Apr. 5, 2018, remain unaffected by this breach.

Consumers, merchants, and dashers who joined the food delivery platform on or before Apr. 5, 2018, were affected in this data breach. The user data that was accessed may include profile information such as names, email addresses, phone numbers, order history, delivery addresses, as well as salted & hashed passwords.

DoorDash also said that for a few consumers, last 4 digits of payment cards have also been accessed. However, the full credit card details like CVV (card verification values) or the complete payment card numbers has not been accessed. Similarly for a few dashers and merchants, last 4 digits of bank account numbers were also accessed. However, the complete bank account information has not been accessed. Around 100,000 dashers driver's license numbers were also accessed in this breach.

DoorDash has confirmed that additional steps have been taken by them to secure the users' data. Moreover, the company has hired experts for increasing its ability to find and repel the future threats.

DoorDash in their breach notification on Sep. 27, 2019, said that they do not think that user passwords were compromised, but as a precautionary measure, the company is encouraging all affected people to change their passwords. The company in the breach notification further said that "we deeply regret the frustration and inconvenience that this may cause you. Every member of the DoorDash community is important to us, and we want to assure you that we value your security and privacy".

» SPAMfighter News - 10/14/2019