About 4.9 million customers, Dashers, and merchants who joined DoorDash, an on-demand food delivery service, before April 2018, had their personal information stolen from an "unauthorized third party," otherwise known as a hacker.
According to DoorDash's blog, the breach was spotted earlier this month when the company "became aware of unusual activity involving a third-party service provider."
Outside "security experts" were called in to assess the damage, what they discovered was devastating as hackers made off with millions of customers' private data. Some of the data includes:
- Profile information including names, email addresses, delivery addresses, order history, phone numbers, as well as hashed, salted passwords — a form of rendering the actual password indecipherable to third parties.
- For some consumers, the last four digits of consumer payment cards. However, full credit card information such as full payment card numbers or a CVV was not accessed. The information accessed is not sufficient to make fraudulent charges on your payment card.
- For some Dashers and merchants, the last four digits of their bank account number. However, full bank account information was not accessed. The information accessed is not sufficient to make fraudulent withdrawals from your bank account.
- For approximately 100,000 Dashers, their driver's license numbers were also accessed.
The San Francisco-based company's blog said the breach occurred in May 2019. Those who have been affected should be receiving a notification from DoorDash in the next several days.
The company emphasizes the stolen data "is not sufficient to make fraudulent charges on payment cards or fraudulent withdrawals from bank accounts."
"We deeply regret the frustration and inconvenience that this may cause you. Every member of the DoorDash community is important to us, and we want to assure you that we value your security and privacy. We've also set up a dedicated call center available 24/7 for support at 855–646–4683."
And earlier this week, DoorDash began a week-long promotion, giving away up to 50,000 free steaks at Outback Steakhouse, something that we see as a promotional stunt to get ahead of bad news. And as we just found out, that bad news was the hack attack on millions of its customers. Shame on DoorDash.