DoorDash, an American on-demand food delivery service, has confirmed that the personal information of 4.9 million of its customers and drivers has been compromised
In a blog post Thursday, the San Francisco based company said: “we became aware of unusual activity involving a third-party service provider.”
DoorDash said that they were able to pinpoint the unauthorised data breach to May 4, 2019. They immediately launched an investigation, drafting in external security experts to assess the breach and block further access by the third-party.
Home addresses, order details, profile information including names, encrypted passwords, email addresses and phone numbers were among the data compromised, as well as the last four digits of payment cards.
The company also said that approximately 100,000 “Dashers” – the name given to drivers – had their driver’s license numbers compromised.
The people affected by the breach were said to be among those who joined on or before April 5, 2018. According to the blog post, customers who joined after that date were not affected. DoorDash has encouraged all its customers to change their passwords, regardless of their join date.
In response to the breach, DoorDash said: “We have taken a number of additional steps to further secure your data, which include adding additional protective security layers around the data, improving security protocols that govern access to our systems, and bringing in outside expertise to increase our ability to identify and repel threats.”