Data Security

DoorDash was hacked; personal details of 5 million customers and employees leaked

Data protection specialists report that DoorDash has become the victim of a data breach incident. Through a post on its official blog, the food delivery company reported that an unidentified group of hackers managed to extract about 4.8 million customers, employees and delivery histories records.

Among the millions of records exposed during
the incident are:

  • Full
    names
  • Phone
    numbers
  • Email
    address and delivery address
  • Delivery
    history
  • Hashed
    passwords

In addition, DoorDash mentions that the card
numbers of some customers, dealers and merchants were also extracted, although
these were not complete and the security numbers remain completely protected.

Company employees mentioned that the intrusion
occurred last May 4th, although they don’t add more details, so it’s still a
mystery how this incident went unnoticed for more than four months. The company
added that customers who started using this service after April 5 will not be
affected by the data theft.

Mattie Magdovitz, the company’s communications
manager, says the incident is the fault of one of the third-party service
providers: “We barely detected the incident, we just started
investigating; we are working with data protection experts to determine what
exactly happened,” the spokeswoman added. The name of the indicated
external company was not disclosed. 

Unfortunately, this is not the first time
DoorDash has incurred data privacy scandals. Last year, multiple clients of the
company reported the hacking of their accounts; although DoorDash initially
denied a cybersecurity incident, the explanation they offered left affected
users unsatisfied.  

According to data protection specialists from
the International Institute of Cyber Security (IICS) the incident that occurred
last year in DoorDash was a credential
stuffing
attack, in which hackers use leaked passwords from others
online platforms to try to access other accounts, another example about how non
recommended it is to use the same password on different websites.

To Top

Pin It on Pinterest

Share This