DoorDash Reveals Close to 5 Million Affected by Massive Private Data Breach

Nearly five million customers of food delivery service DoorDash have been affected by a data breach, the service confirmed. The information compromised includes order history, credit card numbers, and driver's licenses of approximately 4.9 million customers, drivers, and merchants who joined DoorDash on or before April 5, 2018.

In a blog post shared to its website on Thursday, Sept. 26, DoorDash explained that they "became aware of unusual activity involving a third-party service provider" earlier this month, prompting them to "immediately launch an investigation."

"We were subsequently able to determine that an unauthorized third party accessed some DoorDash user data on May 4, 2019," the meal delivery service writes. "We took immediate steps to block further access by the unauthorized third party and to enhance security across our platform. We are reaching out directly to affected users."

According to the service, of the 4.9 million users affected, all joined on or before April 5, 2018, though not everybody who joined prior to that date has been affected. Those who joined after that date are not affected by the hack.

Data stolen in the breach includes profile information (names, email addresses, delivery addresses, order history, phone numbers), the last four digits of consumer payment cards, the last four digits of account numbers, and driver's license numbers.

DoorDash notes that full payment card and bank account information weren't compromised and that the "information accessed is not enough to make fraudulent charges."

In response to the data breach, DoorDash says that they have taken a number of steps to "block further access by the unauthorized user and to enhance security across our platform," including "adding additional protective security layers around the data, improving security protocols that govern access to our systems, and bringing in outside expertise to increase our ability to identify and repel threats."

DoorDash is encouraging its users to change their passwords. It also reminds them that it is a security practice to regularly check your payment card and bank account for unusual activity.

"We take the security of our community very seriously," DoorDash said in its blog post. "We deeply regret the frustration and inconvenience that this may cause you. Every member of the DoorDash community is important to us, and we want to assure you that we value your security and privacy.

For those who have questions or concerns regarding the breach, DoorDash has set up a 24/7 call center at 855–646–4683.