DoorDash announced on Thursday in one blog post that an "unauthorized third party" had opened user data of approximately 4.9 million "consumers, Dashers and traders". approached. But it is not clear what may have been done with the data by the third party.
Access to certain financial information has also been obtained. DoorDash said that "for some consumers" the last four digits of payment cards were used, but full card numbers and CCV numbers were not. In addition, some couriers and traders also had access to the last four digits of their bank account numbers. Their driving licenses were also affected by around 100,000 company deliverers.
DoorDash said the data was accessible on May 4, but the company only discovered the infringement somewhere after it started an investigation earlier this month into "unusual activities involving an external service provider." The company is now informing customers affected by the infringement. The infringement is believed to be aimed primarily at DoorDash users who signed up before April 5, 2018, although the company recommends changing your password regardless of when you log in, "out of an abundance of caution."
The infringement comes about a year after some DoorDash customers have said their accounts was hacked, but told by Dash TechCrunch at the time that there had been no data breach. We have contacted DoorDash for comments and will update this article with everything we hear.