DoorDash Inc. has announced a data breach that exposed personal data of around 4.9 million people on its platform. Amongst those whose data was stolen by hackers are merchants, customers and delivery persons, the food delivery company said in a blog post. However, the company said that the data of only those customers has been breached who joined the platform before April 5, 2018. So those who joined after the above-mentioned date are not affected but it is always better to change your password in such situations. DoorDash claimed that it initially noticed some unusual activity involving a third-party service provider following which a thorough investigation was launched into the matter.
The probe, which was completed with the help of outsider experts, launched by DoorDash revealed that user data was accessed the third-party on May 4. It is yet not clear why took so long for the company to detect the breach.
The investigation also revealed that exposed data include phone numbers, names, emails, delivery address, order history and hashed passwords. Shockingly, the exposed data also include the last four digits of bank accounts of dashers and merchants or credit cards of customers. Though card verification values (CVV) and full numbers were not taken. License numbers of around 100,000 dashers were also exposed in the breach, the company said. Despite such a huge breach, the company has not named the third-party so far.