Food delivery company DoorDash has revealed that 4.9 million of its users’ accounts have had their data compromised.
This breach only affects users who made their accounts before April 5th, 2018. If you’re one of the affected users, the company says your name, email address, delivery address, order history and phone number could be compromised.
In addition, DoorDash says its password vault was breached, but the passwords were hashed and salted — a security measure for securing passwords in a database — so they shouldn’t be usable by any third-parties.
That’s not all — some users may have had the last four digits of their credit cards stolen, but not their whole cards or CCV numbers. Therefore, users shouldn’t have to cancel their cards.
Users weren’t the only ones affected. Merchants and the company’s delivery people, who it calls Dashers, may have also had the final four digits of their bank account numbers stolen. On top of this, roughly 100,000 Dashers have had their driver’s license numbers stolen.
The company says it’s reaching out to its users to let them know if they’ve been compromised. Even if DoorDash doesn’t reach out to you over the next few days, it still recommends changing your password. You can also contact its call centre to get more information at 855–646–4683.
The company says it “took immediate steps to block further access by the unauthorized user and to enhance security across our platform.”