All they wanted was a quick delivery.
Instead, millions of DoorDash customers now find themselves the victims of a massive hack that exposed personal details such as delivery addresses, emails, and more. Oh, and it's not just those who ordered food on the receiving end of this security nightmare. Those using the platform to deliver food, known as "Dashers," as well as some merchants, also had their data accessed by hackers.
DoorDash says that 4.9 million merchants, dashers, and customers were affected by the breach. Specifically, those who began using the service before April 5 of 2018. If you joined after, you're allegedly in the clear.
DoorDash announced the breach in a Thursday press release, taking pains to insist that it "[takes] the security of our community very seriously."
When a company opens a press release with that sentence, you know you're truly screwed.
"We deeply regret the frustration and inconvenience that this may cause you," insists the company.
The company says it discovered the breach earlier this month, and determined that an "unauthorized third party" got access to DoorDash data on May 4 of this year.
According to DoorDash, that data includes "names, email addresses, delivery addresses, order history, phone numbers, as well as hashed, salted passwords."
But wait, that's not all that was accessed.
"For some consumers, the last four digits of consumer payment cards," explained the company in the aforementioned press release. "For some Dashers and merchants, the last four digits of their bank account number."
Approximately 100,000 Dashers also had their drivers license numbers "accessed."
So, how do you know if you're one of the unlucky ones? DoorDash says it's notifying those affected by the hack "over the coming days." It also encourages all those concerned to change their password to something unique to DoorDash.
You could also, of course, delete your DoorDash account. But that's just a little bonus tip because the damage is already done.
Topics Cybersecurity
