Food delivery service company DoorDash says they are investigating a security breach that affected 4.9 million users, workers and merchants.
The company says they became aware of "unusual activity involving a third-party service provider" earlier this month. They launched an investigation and discovered that user data was accessed on May 4.
The breach only affects users who joined on or before April 5, 2018. If you joined DoorDash after that day, your information is not affected, according to the company.
The type of user data accessed could include:
- Profile information including names, email addresses, delivery addresses, order history, phone numbers, as well as hashed, salted passwords — a form of rendering the actual password indecipherable to third parties.
- For some consumers, the last four digits of consumer payment cards. However, full credit card information such as full payment card numbers or a CVV was not accessed. The information accessed is not sufficient to make fraudulent charges on your payment card.
- For some Dashers and merchants, the last four digits of their bank account number. However, full bank account information was not accessed. The information accessed is not sufficient to make fraudulent withdrawals from your bank account.
- For approximately 100,000 Dashers, their driver’s license numbers were also accessed.
The company says they're reaching out directly to affected users with specifics on what information was accessed.
"We do not believe that user passwords have been compromised, but out of an abundance of caution, we are encouraging all of those affected to reset their passwords to one that is unique to DoorDash," the company said.
DoorDash says they took immediate steps to block further access and to enhance security across the platform.
For more information click here, or call 855–646–4683 any time for support.