DoorDash Systems Were Breached by an Unauthorized Party in May 2019

• DoorDash announced a breach that exposed the personal and financial data of 4.9M people.
• Not everyone was affected in the same way, while those registered after April 2018 are safe.
• People are urged to reset their passwords and monitor their bank accounts closely.

DoorDash published a security incident announcement on their blog, informing the world that they have been breached. According to the details that were given away by the San Francisco food delivery service technology company, the intruders gained access on user data on May 4, 2019, and retained this access until almost yesterday. According to DoorDash, the number of consumers, Dashers, and merchants that have been affected by this incident is approximately 4.9 million.

The leaked data includes the following:

• Full names, email addresses, delivery addresses, order history, phone numbers, and hashed, salted passwords of user accounts.
• The last four digits of consumer payment cards.
• The last four digits of the bank account numbers of Dashers and merchants.
• The driver’s license numbers of 100 thousand Dashers.

As DoorDash clarifies, the CVV codes were not accessed, while the banking and payment card data that was exposed is not enough to enable the actors to carry out fraudulent withdrawals or charges. Moreover, not all of the above concern every one of the 4.9 million users who have been exposed. Finally, DoorDash clarifies that those who have joined the platform after April 5, 2018, are not affected by this incident, so they may completely disregard this news and move on.

For those who have been affected, resetting their DoorDash password is now imperative. The tech company stated that they’re in the process of personally notifying the affected users by sending them emails and calling them. If you want to make sure that you are not one of them, you may give them a call at 855-646-4683 which will be available 24/7 and dedicated in the particular incident. Regardless of whether you have been exposed or not, we advise you to reset your password nonetheless.

From now on, monitor your card’s activity regularly and check your bank accounts for any unusual activity. If you see anything wrong or unexpected, report it to your financial institution and card issuer immediately. Considering the time period of almost five months that the intruders had at their disposal, you may already have been exploited by them. While DoorDash begins their announcement with the classic “We take the security of our community very seriously”, the time taken to discover and respond to this breach isn’t reflecting this sentence in any way whatsoever.

Will you be trusting DoorDash from now on? Let us know in the comments below, or on our socials, on Facebook and Twitter.