Last Thursday, the popular food delivery service Door Dash, announced that they experienced a breach which lead to customer information being exposed. Door Dash made a public disclosure following their investigation of the breach.
While publications only recently released (The Register) this news, the breach actually occurred much earlier in the year. Door Dash revealed that a hacker accessed this information on May 4th. According to them, a criminal was able to gain access to the companies technology providers. With this access, the perpetrator was able to view the private information of close to 5 million customers.
What was accessed?
According to Door Dash, the hacker potentially accessed:
Profile information including names, email addresses, delivery addresses, order history, phone numbers, as well as hashed, salted passwords — a form of rendering the actual password indecipherable to third parties.
For some consumers, the last four digits of consumer payment cards. However, full credit card information such as full payment card numbers or a CVV was not accessed. The information accessed is not sufficient to make fraudulent charges on your payment card.
For some Dashers and merchants, the last four digits of their bank account number. However, full bank account information was not accessed. The information accessed is not sufficient to make fraudulent withdrawals from your bank account.
For approximately 100,000 Dashers, their driver’s license numbers were also accessed.
5 Million is a large number but does not make up the entirety of Door Dash’s customer base. The company provided some clarity into the segments of their customers affected by the breach.
“Approximately 4.9 million consumers, Dashers, and merchants who joined our platform on or before April 5, 2018, are affected,”
“Users who joined after April 5, 2018 are not affected.”
In the case you are unsure of whether you fall into the affected segment, you shouldn’t have to do too much digging to find out. Door Dash announced that they will be reaching out directly to those whose information may have been accessed.
What it means for the Digital You
Door Dash has promised to have taken ” immediate steps to block further access by the unauthorized user and enhance security”. While it is a step in the right direction, it does not undo the amount of information that the hacker was already able to access.
It is important to remember that when you provide your information to a company it could become collateral in a breach. Make sure you are keeping up with ScoresMatter to stay up-to-date on the latest news on breaches and the Digital You. In the meantime, you can sign up for ScoresMatter and scan to see if your information is for sale on the Dark Web.
Tap Into The Digital You at ScoresMatter.