USA – DoorDash announced this week that a 3rd party service accessed some user data on May 4,2019. DoorDash says they took steps immediately to prevent any more of that access and they are reaching out to affected users.
Who was affected? According to a DoorDash Blog Post,
“Not every user was affected. Approximately 4.9 million consumers, Dashers, and merchants who joined our platform on or before April 5, 2018, are affected. Users who joined after April 5, 2018 are not affected. The type of user data accessed could include:
- Profile information including names, email addresses, delivery addresses, order history, phone numbers, as well as hashed, salted passwords — a form of rendering the actual password indecipherable to third parties.
- For some consumers, the last four digits of consumer payment cards. However, full credit card information such as full payment card numbers or a CVV was not accessed. The information accessed is not sufficient to make fraudulent charges on your payment card.
- For some Dashers and merchants, the last four digits of their bank account number. However, full bank account information was not accessed. The information accessed is not sufficient to make fraudulent withdrawals from your bank account.
- For approximately 100,000 Dashers, their driver’s license numbers were also accessed.
DoorDash says they have taken additional steps to secure data, and suggest users should change passwords as precautions only. More information here: https://blog.doordash.com/important-security-notice-about-your-doordash-account-ddd90ddf5996#46h35gr24e