Popular food delivery app DoorDash has today revealed in a blog post a recent data breach on its servers has compromised data of nearly 4.9 million customers, workers, and merchant partners who joined its platform on or before April 5, 2018. Users who joined after that date are not affected.
DoorDash notes the type of user data accessed includes names, email addresses, delivery addresses, order history, phone numbers, and hashed passwords. For approximately 100,000 Dashers, their driver’s license numbers were also accessed.
Furthermore, some consumers may have also had the last four digits of their consumer payment cards accessed, although the full card number and CVVs were not accessed. The company, however, points out that the information accessed was not sufficient to allow someone to make fraudulent purchases using the card:
We have taken a number of additional steps to further secure your data, which include adding additional protective security layers around the data, improving security protocols that govern access to our systems, and bringing in outside expertise to increase our ability to identify and repel threats.
We do not believe that user passwords have been compromised, but out of an abundance of caution, we are encouraging all of those affected to reset their passwords to one that is unique to DoorDash.