DoorDash security breach leaks info of millions of users

(Image credit: DoorDash)

Food delivery service DoorDash has revealed it suffered a major data breach that put the details of millions of its customers at risk.

The company announced it suffered an attack that saw unauthorised third parties gain access to its customer database to steal information on a large number of users.

Around 4.9 million DoorDash users have been affected in the breach, which saw personal information including names, physical addresses, phone numbers, email addresses and even order history accessed illegally.

Threat

DoorDash says the attack occured on May 4th 2019, and that it took "immediate steps" to block further access and boost its security systems.

Users who joined the service on or before April 5th 2018 may have been affected, but anyone who signed up after then should be safe. DoorDash added that some customer payment cards may also have been affected, although the company says only the last four digits of these could have been revealed, with no full card numbers or CVV codes accessed - meaning users should be safe.

DoorDash says it is reaching out directly to specifc users that may have been affected, but is urging all users to reset their passwords, though it is not believed that any passwords have been compromised.

Delivery drivers and the merchants themselves were also affected by the breach, with around 100,000 full drivers licence details being leaked.

"We have taken a number of additional steps to further secure your data, which include adding additional protective security layers around the data, improving security protocols that govern access to our systems, and bringing in outside expertise to increase our ability to identify and repel threats," the company said in a statement.

"We deeply regret the frustration and inconvenience that this may cause you. Every member of the DoorDash community is important to us, and we want to assure you that we value your security and privacy."

Mike Moore
Deputy Editor, TechRadar Pro

Mike Moore is Deputy Editor at TechRadar Pro. He has worked as a B2B and B2C tech journalist for nearly a decade, including at one of the UK's leading national newspapers and fellow Future title ITProPortal, and when he's not keeping track of all the latest enterprise and workplace trends, can most likely be found watching, following or taking part in some kind of sport.