Data breach at DoorDash compromises nearly 5 million accounts

The food delivery service says some users should reset their passwords.
Author:
Publish date:

Food delivery service DoorDash has announced that almost 5 million customer accounts were compromised in a data breach this past May.

The breach affects 4.9 million customers, delivery workers and restaurants who joined the platform on or prior to Apr. 5, 2018.

Anyone who joined after then is not affected.

The information taken in the hack includes names, email addresses, addresses, order history and phone numbers. What's more, the last four digits of payment cards were taken, but the "full payment card numbers or a CVV was not accessed."

"The information accessed is not sufficient to make fraudulent charges on your payment card."

Delivery workers and merchants had the last four digits of their bank account numbers taken, while 100,000 delivery workers had their driver's license numbers accessed.

Follow Bring Me The News on LinkedIn

"We take the security of our community very seriously," DoorDash said in a blog post Thursday. "Earlier this month, we became aware of unusual activity involving a third-party service provider. We immediately launched an investigation and outside security experts were engaged to assess what occurred.

"We were subsequently able to determine that an unauthorized third party accessed some DoorDash user data on May 4, 2019. We took immediate steps to block further access by the unauthorized user and to enhance security across our platform."

DoorDash delivers food from a number of restaurants and vendors across the Twin Cities, including fast food outlets such as McDonald's, Chick-fil-A, and Taco Bell, and a number of local restaurants.

Customers who opened their account before Apr. 5, 2018, are being advised to change their passwords out of "an abundance of caution."

You can find more information about the breach here, blog.doordash.com, or by calling its 24/7 call center at 855-646-4683.

Next Up

Screen Shot 2020-09-04 at 8.42.40 PM

Federal charges: MN marijuana lobbyist threatened U.S. representative

"I want you to be as scared as possible," the voicemail allegedly says.

coronavirus, masks, covid-19

Wisconsin Republicans aim to end governor's mask mandate

They've introduced a resolution to remove the governor's emergency powers.

Ted Schweich

Community group hopes to install billboard to get neighbor a kidney

A group called "Team Ted" aims to raise $5,000 to find their friend a kidney donor.

Andrew Palmer

Charges: Coach raped teenage girl on Minnesota basketball team

The 33-year-old head coach has been charged in connection to the alleged crimes.

radio station, microphone

WCCO Radio's program director leaves the company

It's not clear why John Hanson and the station parted ways.

Minneapolis skyline

Minneapolis a step closer to banning facial recognition technology

There are concerns about it leading to a surveillance state, and that it could harm disadvantaged communities.

covid-19, coronavirus, PPE

Here is Minnesota's COVID-19 update for Friday, January 22

Nearly 50,000 Minnesotans have received both doses of the COVID-19 vaccine.

police lights

Police recover more than 14 pounds of meth, 4,000 pills during drug bust

Three people have been arrested and charged in connection to the drugs.

Gopher hockey

Gophers respond to drop in rankings with 10-goal outburst

It had been 17 years since the Gophers last scored 10 goals in a game.

Related

Dunn brothers

Data breach impacts card users at Dunn Bros., Sebastian Joe's

A Minnesota company that provides point-of-sale services has confirmed a breach.

Payment information accessed in Delta data breach

Delta says a 3rd party company was breached in the fall.

It turns out every Yahoo account was hit by the data breach a few years ago

The company now says hackers hit all 3 billion accounts, not 1 billion

The Equifax data breach: What do you do next?

143 million consumers had their information compromised.

First Delta, now Best Buy caught up in data breach

The Richfield company confirmed its customers are affected by the hack.