Some DoorDash users may have been affected by a data breach that happened in May, the company announced Thursday.
The company says earlier this month, they became aware of unusual activity involving a third-party service provider and immediately launched an investigation and engaged outside security experts to assess what happened.
It was determined that an unauthorized third party accessed some DoorDash user data on May 4. The company took immediate steps to block further access by the unauthorized third party and to enhance security across the platform.
DoorDash says it is directly reaching out to users who have been affected.
The company says about 4.9 million customers, Dashers and merchants who joined the platform on or before April 5, 2018, have been affected. Anyone who joined after this date were not affected.
Related: Capital One breach exposed bank data for the most financially vulnerable customers
The type of user data that was accessed could include:
- Profile information including names, email addresses, delivery addresses, order history, phone numbers, as well as hashed, salted passwords — a form of rendering the actual password indecipherable to third parties.
- For some consumers, the last four digits of consumer payment cards. However, full credit card information such as full payment card numbers or a CVV was not accessed. The information accessed is not sufficient to make fraudulent charges on your payment card.
- For some Dashers and merchants, the last four digits of their bank account number. However, full bank account information was not accessed. The information accessed is not sufficient to make fraudulent withdrawals from your bank account.
- For approximately 100,000 Dashers, their driver’s license numbers were also accessed.
In terms of additional steps taken to further secure users’ data, DoorDash says it has added additional protective security layers around the data, improving security protocols that govern access to the company’s systems and bringing in outside expertise to increase their ability to identify and repeal threats.
The company says they don’t believe user passwords have been compromised, but out of an abundance of caution, they are encouraging everyone who has been affected by the data breach to reset their passwords to one that is unique to DoorDash. You can change your password by clicking here and using the email address associated with your DoorDash account.
Click here for more frequently asked questions. You can also call DoorDash’s dedicated call center for support at 855-646-4683. It is available 24/7.