Food delivery service DoorDash has revealed it suffered a major data breach that put the details of millions of its customers at risk.
The company announced it suffered an attack that saw unauthorised third parties gain access to its customer database to steal information on a large number of users.
Around 4.9 million DoorDash users have been affected in the breach, which saw personal information including names, physical addresses, phone numbers, email addresses and even order history accessed illegally.
- Capital One suffers major data breach
- Best disaster recovery tools of 2019
- Nearly all Ecuador citizens have personal data leaked
DoorDash says the attack occured on May 4th 2019, and that it took "immediate steps" to block further access and boost its security systems.
Users who joined the service on or before April 5th 2018 may have been affected, but anyone who signed up after then should be safe. DoorDash added that some customer payment cards may also have been affected, although the company says only the last four digits of these could have been revealed, with no full card numbers or CVV codes accessed - meaning users should be safe.
DoorDash says it is reaching out directly to specifc users that may have been affected, but is urging all users to reset their passwords, though it is not believed that any passwords have been compromised.
Delivery drivers and the merchants themselves were also affected by the breach, with around 100,000 full drivers licence details being leaked.
"We have taken a number of additional steps to further secure your data, which include adding additional protective security layers around the data, improving security protocols that govern access to our systems, and bringing in outside expertise to increase our ability to identify and repel threats," the company said (opens in new tab) in a statement.
"We deeply regret the frustration and inconvenience that this may cause you. Every member of the DoorDash community is important to us, and we want to assure you that we value your security and privacy."