DoorDash, a food delivery company based in San Francisco, CA., is telling customers and those that work for the services of a serious breach — affecting the records of nearly 5 million people. The hack occurred on a specific day, May 4, 2019, and only those who had signed up before April 5, 2018 are involved. DoorDash has said it's going to contact people in a blog post in the coming days.
- Two-thirds of hotel websites found to leak customers' personal data
- It's been a bad year at the start for your data
- 5 ways to stay more safe online
DoorDash works in cities around the country and Canada from Toronto to Austin, partnering with restaurants so customers can get food delivered through an app. People who work for DoorDash are called Dashers, and work on a freelance basis, like drivers for ride-sharing services, signing up to deliver food to customers. Merchants sign up with the service so diners can place order through the app, and get deliveries. The company is also expanding into other services including autonomous deliveries, partnering with General Motors' Cruise Automation and starting to test food drop-offs through self-driving cars in San Francisco.
Customers are being alerted by DoorDash about the hack, but should still change their password Getty Images
What's involved in the hack is extensive — data that includes personal and financial information — and it involves not just customers, but merchants and also the drivers, or Dashers, who work for DoorDash. This can include some combination of the following:
- Names, email addresses, phone numbers and delivery addresses
- What people have ordered
- The last four digits of payment cards of customers
- The last four digits of bank account numbers for those who work as Dashers, and also merchants who use DoorDash
- Driver's license numbers of about 100,000 Dashers only
Data breaches are growing, up 126 percent in 2018 from 2017, according to the Identity Theft Resource Center, and impacting early 1.7 billion email details alone. Brands from Yahoo to Tesla, Sephora to Capital One have all been hit by data breaches and hackers.
In the case of DoorDash, the company figured out a third-party gained access to the user information on a specific date. The delivery service also noted that anyone who had signed up after April 5, 2018 is not affected by the hack at all. DoorDash is requesting that all customers change their password, plus monitor their financial information.
People can reach out to the company if they have questions at a call center set up by DoorDash at 855-646-4683