DoorDash data breach leaves important customer details exposed

A sophisticated phishing attack has left customers' personal information and partial payment information exposed to hackers.

Food delivery giant DoorDash has confirmed a data breach that has left customers’ personal information exposed to hackers, the company announced in a statement Wednesday.

DoorDash stated that an “undisclosed number of customers had their names, email addresses, delivery addresses, phone numbers, and partial payment card numbers” stolen. For drivers with the company, hackers were able to access names, phone numbers, and email address information.

In its statement, DoorDash explained that the breach was the result of a third-party vendor that was hacked through a sophisticated phishing campaign. Employees of the vendor had credentials that were stolen that were then used to access DoorDash’s internal tools. The company said it cut off the third-party vendor’s access to its systems after discovering “unusual and suspicious” activity.

DoorDash did not state any timeline of discovery of the breach. A spokesperson with DoorDash told TechCrunch that the company took time to “fully investigate what happened, which users were impacted and how they were impacted” before disclosing the data breach.”


continue reading »