DoorDash has confirmed a data breach impacting 4.9 million users including customers, delivery workers (Dashers) and merchants. The food delivery company said that the breach happened on May 4 and that customers who joined after April 5, 2019 are not affected. It’s still unclear why it took several months for DoorDash to publicly address the incident.
- Users who joined the platform before April 5, 2018 had their name, email and delivery addresses, order history, phone numbers and hashed and salted passwords stolen.
- Consumers had the last four digits of their payment cards taken, though full numbers and card verification values (CVV) were not taken.
- Both delivery workers and merchants had the last four digits of their bank account numbers stolen.
- Around 100,000 delivery workers had their driver’s license information stolen.