DoorDash helps you get food from your favorite restaurants without ever stepping outside your home. To do that, the service naturally needs some of your data, including your address and payment details, which makes it a good target for hackers. Unfortunately, the company experienced a breach back in May. The compromised data includes personal information, encrypted passwords, and incomplete payment data, so at least customers have been spared the worst.
Around 4.9 million customers, workers, and merchants have had their data accessed by an unauthorized third-party service, which is significant enough. Anyone who created an account on the platform after April 5 last year is in the clear, luckily. DoorDash noticed irregularities on May 4, 2019, and with the help of outside security experts, the company took steps to block the said third party and shore up security on its platform to prevent similar incidents.
The breached data includes names, email addresses, delivery addresses, order history, phone numbers, and hashed, salted passwords (meaning they should be near impossible to decipher). For some customers, it also includes the last four digits of their credit card or the last four digits of their bank account numbers, but this information is not enough to allow fraudulent charges or withdrawals. The license plate numbers of around 100,000 delivery drivers, or ‘Dashers,’ are also included in the compromised data set.
DoorDash is in the process of notifying everyone affected, and it encourages everyone to change their password to one that’s unique to the service. We can also recommend using a password manager (here’s a roundup of some compatible with Android) as this will help you create and remember distinct, strong passcodes for every website or app you use.