DoorDash on Thursday announced that a security breach has affected 4.9 million consumers, Dashers and merchants.
The company said an unauthorized third party accessed some DoorDash user data on May 4.
Users who joined after April 5, 2018, are not affected, the company said.
DoorDash said the following types of user data that may have been accessed are:
- Profile information including names, email addresses, delivery addresses, order history, phone numbers, as well as hashed, salted passwords — a form of rendering the actual password indecipherable to third parties.
- For some consumers, the last four digits of consumer payment cards. However, full credit card information such as full payment card numbers or a CVV was not accessed. The information accessed is not sufficient to make fraudulent charges on your payment card.
- For some Dashers and merchants, the last four digits of their bank account number. However, full bank account information was not accessed. The information accessed is not sufficient to make fraudulent withdrawals from your bank account.
- For approximately 100,000 Dashers, their driver’s license numbers were also accessed.
DoorDash said they are reaching out directly to affected users. The company is encouraging anyone affected to change their passwords to one that is unique to DoorDash.
The company said in a statement:
“We deeply regret the frustration and inconvenience that this may cause you. Every member of the DoorDash community is important to us, and we want to assure you that we value your security and privacy. For further information, please see our FAQ page below. We’ve also set up a dedicated call center available 24/7 for support at 855–646–4683.”
For more information, click here.