Before Halloween begins, hackers scared out the DoorDash, a popular food delivery app. At the end of September month, DoorDash announced that hackers accessed the company's data system and stole the personal information of approximately 4.9 million people, including customers, merchants, restaurants, and delivery workers.
The data stolen contains the information of driver's license numbers, partial bank and credit card information, as well as names and addresses.
DoorDash said in one of their blogs that clients who have registered for the delivery app before April 5, 2018, had suffered a data breach of personal information such as names, email addresses, phone numbers, and order histories. Not only this, the last four digits of debit and credit cards. They also added that the full credit card information, such as CVV numbers, was not accessed.
The data breach occurred due to unauthorized third-party access, and the data of customers who have joined after April 5, 2018, are not affected.
DoorDash says, cybercriminals have gained access to "salted and hashed" customer passwords. It is a protection strategy companies use to protect the actual password, so they are not identifiable.
Hackers retrieved the last four digits of bank account numbers of delivery workers and restaurants. But DoorDash reports that full information is not accessed, and the information obtained is not sufficient to make fraudulent withdrawals from your bank account.
Also, about one lakh delivery workers have their driving license numbers hacked. It is a pretty massive breach not because of many users affected but also due to the information that was accessed.
DoorDash was hacked in May and took immediate steps to block further access, but it got delayed announcing data breach for five months.
After the huge bumble, DoorDash said it has added higher security layers to ensure individuals' information and improved the security conventions required to access this information.
The company apologizes for the inconvenience that causes to their customers, merchants, restaurants, and workers. They said every member of the DoorDash community is essential to them, and they want to assure that they value security and privacy.
Likewise, DoorDash urged individuals to change their passwords, even if they weren't affected, but were still concerned about the safety of their accounts.
Are you concerned about your data security? Contact Fusion Factor for cybersecurity before it gets too late to secure critical data of your business and customers. Call us today at (760) 940 4200)