DoorDash, the company that delivers pre-made food to your door, announced recently that an unauthorized party accessed about 4.9 million customers’, deliverers’, and merchants’ data. The DoorDash breach involved email addresses, names, physical delivery addresses, orders, phone numbers, and passwords, says the company.
So far, it is unclear what has been done with that delivery data.
DoorDash also says that the last four digits of some customers’ credit cards were accessed, though it confirms full numbers and CCV numbers weren’t.
Disconcertingly, the last four digits of bank accounts of some delivery workers could have also been accessed, the company says. About 100,000 employees had their drivers’ license numbers compromised.
More info from an article on The Verge:
DoorDash said the data was accessed on May 4th, but the company did not discover the breach until sometime after it began an investigation earlier this month of “unusual activity involving a third-party service provider.”
The company is informing customers affected by the breach now. The breach is believed to have primarily targeted DoorDash users who signed up on or before April 5th, 2018, although the company recommends changing your password regardless of when you signed up, “out of an abundance of caution.”
The new breach comes after customers reported hacks last year.
While the only safe way to use websites and services as consumers is to do so with password managers, it is concerning that many of the most popular service-based apps and websites have experienced recent hacks, which make even the most secure passwords useless.