Food delivery service DoorDash has confirmed that data of 4.7 million customers, workers, and merchant partners has been compromised.
The breach was made public through an official blog post. DoorDash has established that hackers were able to access physical addresses, order histories, phone numbers as well as hashed, salted passwords of those affected.
The data theft happened on May 4 but it was only detected earlier this month. It took five months for DoorDash to detect the attack and inform users.
Customers who joined the platform after April 5, 2018 are not affected by the hack. Although, if you joined on April 5, you could be one of the affected users.
DoorDash blames the information leak on a third-party service, but doesn’t name it in the post. The company says that it is reaching out to all those who have been affected by the breach.
Besides delivery addresses and passwords, hackers also stole the last four digits of consumers’ payment cards. DoorDash Merchant partners also had the last four digits of their bank account numbers stolen.
The company says that other card details such as full card numbers or CVV numbers were not compromised.
Approximately 100,000 Dashers also had their driver’s license numbers stolen, which could have serious implications for identity theft and other crimes.
DoorDash advises concerned users to change their password to one that is unique to the platform.
The company says it has taken steps to plug the information breach and block further access by unauthorised individuals. Still, this might be one of the more damaging hacks we’ve seen in 2019, owing to the variety of information gained by the perpetrators.