Hack attack exposes personal information of 4.9 million DoorDash users

Mike Dougherty
September 27, 2019 - 10:22 am

DoorDash via CNN

PHILADELPHIA (KYW Newsradio/CNN) — DoorDash confirmed it suffered a data breach affecting roughly 4.9 million delivery people and app users.

In a blog post on Thursday, DoorDash said it noticed unusual activity from a third-party service provider earlier in September. After investigating the activity, it discovered the unauthorized third party was able to access DoorDash user data on May 4, 2019. 

The third party was able to access names, addresses, email addresses, order history, phone numbers, encrypted versions of passwords, and driver's license numbers of approximately 100,000 delivery people. It also revealed the last four digits of some, not all, payment cards or bank account numbers on file within the app.

DoorDash said it took immediate steps to block the hackers and improve security.

The people affected by the breach joined DoorDash on or before April 5, 2018 — people who joined after that date weren't affected, according to the blog post. The company said it will be notifying those who were.

Fortunately, the full numbers of payment cards and back accounts were not stolen, though that provides little comfort in yet another instance of hackers taking advantage of technology.

Latrese Pickett uses DoorDash in Philadelphia, and she said the convenience comes at a cost.

"People just ... like the convenience of not having to go anywhere, to do anything," she said, but the data breach "makes me not want to use them. Makes you kind of not want to ever use any of those apps."

In response to the breach, DoorDash said it has added more security layers to protect people's data and improved the security protocols required to gain access to this data.

However, all users — even those not affected by the breach — are still encouraged to change their passwords.

CNN contributed to this report. The-CNN-Wire™ & © 2019 Cable News Network, Inc., a Time Warner Company. All rights reserved.