DoorDash, an app that connects drivers with transportation services, is reportedly in the process of having a security breach. According to The Verge, DoorDash was hacked on Sunday and personal data of about 50 million users was accessed. The company has not yet released any information about the extent of the breach or how it was accomplished. The hack comes as a surprise because DoorDash is known for its security measures. In February, it announced that it had implemented two-factor authentication for all users and added new features to its platform to make it more secure.
According to a notice published by DoorDash, some app users were victims of a breach where an unauthorized party gained access to internal tools by using stolen credentials from vendor employees. The attackers gained access to the name, email address, delivery address, and phone number for some people.
For a smaller subset of users, the attackers also gained limited payment information, such as card type and the last four digits of credit cards. The information compromised doesn’t include full card numbers, bank account numbers, or Social Security numbers, so you shouldn’t have money mysteriously disappearing from your account because of this breach.
If you were affected, DoorDash should be getting in touch with you soon to notify you of the breach, and to what extent you were affected. Likewise, it’s also working on strengthening its security (even though this was the result of a phishing attack) and assisting law enforcement.
This is the latest in a long line of recent security breaches. Recently, both Plex and LastPass fell victim to breaches of their own as well. It doesn’t look like any sensitive information from you was exposed during the attack, though, so for now, you don’t need to do anything.
Source: DoorDash