DoorDash Confirms Data Breach Exposing Customers’ Personal Info

Food delivery service DoorDash has just confirmed a group of hackers has stolen credentials from employees of a third-party vendor that were then used to gain access to some of its internal tools (via TechCrunch).

DoorDash Emblem

The data breach was announced in an official blog post by DoorDash, revealing that the attackers were able to access the names, email addresses, delivery addresses, and phone numbers of its customers.

Moreover, partial payment card information, including card type and the last four digits of the card number were also accessed for a smaller subset of users.

According to DoorDash spokesperson Justin Crowley, the vendor breach is linked to the phishing campaign that compromised SMS and messaging giant Twilio earlier this month.

DoorDash would not say when it discovered it was compromised, but its spokesperson said that the company took time to “fully investigate what happened, which users were impacted and how they were impacted” before disclosing the data breach.

DoorDash says that since discovering the compromise the company hired an unnamed cybersecurity expert to help with its ongoing investigation.

DoorDash says a small percentage of users were affected by the incident but hasn’t provided an exact number of affected users.

The company has also set up a dedicated call center for US and Canadian consumers and Dashers at (833) 559-0221, available Monday to Friday 6am-8pm PST and weekends 8am-5pm PST.