DoorDash Data Breach Impacts 4.9M Users – Experts Comments

DoorDash has confirmed a data breach impacting 4.9 million users including customers, delivery workers (Dashers) and merchants. The food delivery company said that the breach happened on May 4 and that customers who joined after April 5, 2019 are not affected. It’s still unclear why it took several months for DoorDash to publicly address the incident.

  • Users who joined the platform before April 5, 2018 had their name, email and delivery addresses, order history, phone numbers and hashed and salted passwords stolen.
  • Consumers had the last four digits of their payment cards taken, though full numbers and card verification values (CVV) were not taken.
  • Both delivery workers and merchants had the last four digits of their bank account numbers stolen.
  • Around 100,000 delivery workers had their driver’s license information stolen.

https://twitter.com/zackwhittaker/status/1177317479779110912

Experts Comments

September 30, 2019
Rosemary O'Neill
Director - Customer Delivery
NuData Security
Data in the wrong hands – especially personally identifiable information – can have a huge impact on customers. Personal information, combined with other user data from other breaches and social media, builds a complete profile. In the hands of fraudsters and criminal organisations, these valuable identity sets are usually sold to other cybercriminals and used for a myriad of criminal activities, both on the Internet and in the physical world. Every hack has a snowball effect that far.....Read More
Data in the wrong hands – especially personally identifiable information – can have a huge impact on customers. Personal information, combined with other user data from other breaches and social media, builds a complete profile. In the hands of fraudsters and criminal organisations, these valuable identity sets are usually sold to other cybercriminals and used for a myriad of criminal activities, both on the Internet and in the physical world. Every hack has a snowball effect that far outlasts the initial breach. We must change the current equation of "breach = fraud" by changing how companies think about online identity verification; the key is to make it valueless. Once the customer’s data is out, it doesn’t have to generate losses for that client or the company where the data is used. Companies can use technologies that detect when this data is being used. Most of the times, the data is used on automated attacks that can be detected with good bot-detection and behavior evaluation tools. Additionally, technologies that look at inherent user patterns like passive biometrics add to security by flagging when the right information is presented for a user, but that user is behaving unusually. The balance of power will return to customer protection when more companies implement such techniques and technology.  Read Less
September 27, 2019
Rob Gurzeev
CEO and Co-Founder
CyCognito
Unfortunately, this kind IT ecosystem risk isn't unique to DoorDash. In fact, IT and security teams often don't even know if and where all of their organization’s digital infrastructure and assets are, or whether they’re fully protected. This ‘awareness gap’ is called shadow risk, and it’s a major problem. Organizations need to expose those shadow risk by mapping and assessing their full attack surface.
October 01, 2019
Dr. Muhammad Malik
Editor-in-Chief
Information Security Buzz
DoorDash spokesperson blamed the breach on "a third-party service provider", without disclosing the name of the provider. But before blaming the third-party service provider, DoorDash should security assess its internal process of sharing data with third-party service providers. In today's connected world, the security of the business partner is equally important as the company's own security. Given the scale of business partners, how much risk do companies experience? One typical risk is the.....Read More
DoorDash spokesperson blamed the breach on "a third-party service provider", without disclosing the name of the provider. But before blaming the third-party service provider, DoorDash should security assess its internal process of sharing data with third-party service providers. In today's connected world, the security of the business partner is equally important as the company's own security. Given the scale of business partners, how much risk do companies experience? One typical risk is the exposure to the volume of data shared with business partners. "Need-to-know" and "Need-to-do" security principles must be applied when sharing data with business partners and should have legal terms protecting data privacy, confidentiality and integrity. The second issue is the detection of a data breach. It tooks five months for DoorDash to detect the breach but the reason for the delay is not clear. It is important for the company to find out what went wrong and should devise its security controls accordingly. Given the changing landscape of the threats and business processes, companies should keep on devising security strategies to respond to new forms of attacks quickly and to minimize risk to the business.  Read Less
September 27, 2019
Robert Prigge
CEO
Jumio
In today’s digital-first economy, consumers are accustomed to having everything – even their favorite foods – available with a touch of a button. The emergence of the sharing economy creates a whole new level of convenience for consumers but does not come without risks. Because the service provider is facilitating an in-person meeting between two individuals, it’s imperative that the organization know, without doubt, that both parties are who they say they are and are operating in good.....Read More
In today’s digital-first economy, consumers are accustomed to having everything – even their favorite foods – available with a touch of a button. The emergence of the sharing economy creates a whole new level of convenience for consumers but does not come without risks. Because the service provider is facilitating an in-person meeting between two individuals, it’s imperative that the organization know, without doubt, that both parties are who they say they are and are operating in good faith. As a third- party service provider was held responsible for the breach, it’s imperative that enterprises ensure that not only their systems, but also their suppliers or service provider systems are secure. On the heels of dating app Heyyo, Doordash is the second consumer mobile app that has announced a major data breach in 24 hours, and we can expect even more personal information (including passwords, phone numbers, home addresses, usernames and emails) to be available for sale on the dark web. With this information, cybercriminals can easily log into user accounts and commit account takeover fraud – making it nearly impossible to determine if an account holder’s digital identity matches their physical identity. For sharing economy companies, this is a huge concern. Doordash’s breach highlights why online accounts need to be protected with much stronger forms of authentication, such as biometric-based authentication, which not only more convenient for consumers than traditional methods, but it is also much more secure.  Read Less
October 01, 2019
Vinay Sridhara
CTO
Balbix
Seven months ago, DoorDash announced $400 million in Series F funding and the company says the funding came at a $7.1 billion valuation. The company’s growth can be attributed to its reach of 3,300 cities across the U.S. and Canada, its selection of partners and DoorDash Drive which allows businesses to make their own deliveries within the DoorDash network. However, in a saturated food delivery app market, DoorDash must recognize that cybersecurity and customer privacy are becoming essential.....Read More
Seven months ago, DoorDash announced $400 million in Series F funding and the company says the funding came at a $7.1 billion valuation. The company’s growth can be attributed to its reach of 3,300 cities across the U.S. and Canada, its selection of partners and DoorDash Drive which allows businesses to make their own deliveries within the DoorDash network. However, in a saturated food delivery app market, DoorDash must recognize that cybersecurity and customer privacy are becoming essential facets to a successful business. After suffering two different security incidents within around a year’s span, DoorDash users may look to competing services such as Uber Eats, Grub Hub or Postmates to meet their demand. In fact, 87% of customers will take their business elsewhere if they do not trust a company is handling their data responsibly. With DoorDash’s massive reach and customer base, it is imperative that they shoulder the responsibility of continuously monitoring all assets across hundreds of attack vectors to detect vulnerabilities. This involves analyzing millions, if not billions, of time-varying data signals continuously, and in real time. Analyzing all this is no longer a human scale problem anymore so organizations need to leverage security tools that employ AI, ML and deep learning technology to continuously observe and analyze the entire network in real time and derive insights in order to prioritize the vulnerabilities that need to be addressed in a prioritized manner.  Read Less
September 27, 2019
Dr. Guy Bunker
CTO
Clearswift
For the individual, there is always a challenge with protection against third-party data breaches, particularly when the company needs to have a significant chunk of your personal information in order to deliver their service. In this case, everyone in the supply chain was impacted. For consumers, all too often deciding whether or not to use a service is based on price or convenience – and certainly not on security of the service, or the lack of it. So, while it is good to remind individuals.....Read More
For the individual, there is always a challenge with protection against third-party data breaches, particularly when the company needs to have a significant chunk of your personal information in order to deliver their service. In this case, everyone in the supply chain was impacted. For consumers, all too often deciding whether or not to use a service is based on price or convenience – and certainly not on security of the service, or the lack of it. So, while it is good to remind individuals to research a new service, unfortunately it will probably fall on deaf ears. For organisations, there is an imperative to keep everyone’s data, be they customer, client, partner or supplier, safe. This needs to cover external hackers and the ‘insider threat’, which covers mistakes by internal people as well as malicious employees and the broader set of people who have access to ‘your’ data via systems, or who you share your data with by other means. While organisations are good at on-boarding and off-boarding employees in the traditional manner, new ways of working means that processes need to change. For example, when using cloud solutions for information storage and exchange one must consider who else has access to it. If it’s not linked to the corporate authentication, will people remember to revoke access at an appropriate moment? For external contractors who have access to internal systems and data, one must again consider who will revoke access and when? If it’s a third party company, will they be notified when an employee leaves? It is important to consider whether the system itself has been suitably hardened and the information appropriately segregated? Does it prevent bulk downloads of records? Is there appropriate monitoring in place to watch for suspicious behaviour, and if spotted, will it be acted upon in a timely manner? In terms of improving security going forward, technologies such as Adaptive Data Loss Prevention can be used to monitor and, where required, automatically redact sensitive information from both documents and web applications. Understanding how the attack occurred is the only way to put in place protection from it happening again. For other organisations, understanding how this attack was carried out will help them prepare in case they come under attack. Segregating data can be augmented with encryption, and should be considered for particular cases, for example, the last four digits of a credit card, driving licences etc. The biggest challenge an individual has when a commercial database is breached is phishing, based on trust with the company. Being able to show even the last four digits of a credit card, will make the recipient believe they are talking to the company – and so if the request was ‘please re-confirm your details for the credit card ending 1234’, then people will do this.  Read Less
September 27, 2019
Peter Goldstein
CTO and Co-founder
Valimail
DoorDash’s data breach — which exposed names, email addresses, delivery addresses, order history, phone numbers, and hashed passwords — puts close to 5 million people at an increased risk for phishing attacks and other fraudulent activity. Cybercriminals can use this kind of data, in combination with effective and widely used email impersonation techniques, to send people especially convincing phishing emails. If successful, these phishing attacks can lead to account takeover, identity.....Read More
DoorDash’s data breach — which exposed names, email addresses, delivery addresses, order history, phone numbers, and hashed passwords — puts close to 5 million people at an increased risk for phishing attacks and other fraudulent activity. Cybercriminals can use this kind of data, in combination with effective and widely used email impersonation techniques, to send people especially convincing phishing emails. If successful, these phishing attacks can lead to account takeover, identity theft and other scams. In fact, 83 percent of phishing emails are brand or company impersonations. Trust is an essential aspect of day-to-day life. People need to be able to trust that the companies and services they use, or work for, are going to protect their sensitive, personal data. Organizations must do a better job at securing that data in order to maintain trust. Additionally, people need to be able to trust that emails they receive are actually sent by real people or entities, as opposed to cybercriminals leveraging impersonation techniques. Email security solutions that focus on authenticating sender identity are critical to fostering an atmosphere of trust with email communication. This will also help reduce data breaches, since phishing emails are implicated in more than 90 percent of all cyberattacks.  Read Less
September 30, 2019
Stuart Reed
UK Director
Orange Cyberdefense
The DoorDash data breach demonstrates how careful companies need to be when selecting partners and understanding the access rights and security posture they have. While DoorDash, for example, could have done all of the security due diligence for itself as a company, if its partners weren’t secure, then neither was DoorDash. Companies need to be more vigilant in understanding how secure their partners are and what data they share with them. Data should be treated according to sensitivity, if.....Read More
The DoorDash data breach demonstrates how careful companies need to be when selecting partners and understanding the access rights and security posture they have. While DoorDash, for example, could have done all of the security due diligence for itself as a company, if its partners weren’t secure, then neither was DoorDash. Companies need to be more vigilant in understanding how secure their partners are and what data they share with them. Data should be treated according to sensitivity, if there is no need to share, then it should be kept within their own network. What’s more, technology needs to be in place to identify where data theft might be occurring. With detailed network visibility, for example, companies can see what data is leaving their network and understand if it is legitimate. Where it is not, they then have the actionable intelligence to close it down and eliminate the risk. With such sensitive data at risk – including driving license numbers, personally identifiable information, financial details and hashed passwords – ensuring that your partners and supply chain share the same cybersecurity ethos as you is critical.  Read Less
September 30, 2019
Richard Cassidy
Senior Director of Security Strategy
Exabeam
With this being the 2nd major breach reported by Door Dash in a relatively short time-frame, its clear that lessons haven't been learned. In any data breach scenario, the most critical element is communication. When customer personally identifiable information (PII) is believed to have been breached, or at risk as a result of a suspected breach, consumer and industry confidence can only be salvaged through transparency. The challenge with delaying breach (or potential breach) communication is.....Read More
With this being the 2nd major breach reported by Door Dash in a relatively short time-frame, its clear that lessons haven't been learned. In any data breach scenario, the most critical element is communication. When customer personally identifiable information (PII) is believed to have been breached, or at risk as a result of a suspected breach, consumer and industry confidence can only be salvaged through transparency. The challenge with delaying breach (or potential breach) communication is in the increased risk of further compromise to those affected; cyber criminals will undoubtedly capitalise on any gathered PII to facilitate more targeted campaigns, such as phishing or further identity based theft attacks. The challenge for any organisation that suffers a breach, is always in their ability to investigate and understand the extent of the breach (what, when, whom & where else) in a timely manner; we've seen in countless reports this past several years that the time-to-report is averaging several months or more. Understanding the nature of a breach doesn't have to be complicated in today's technological climate, especially if organisations are following standard practices in data monitoring, analysis and incident response frameworks. Lessons need to be learned here, not least the importance of truly understanding the nature of what you're protecting as a business and whom your protecting it from (insiders, 3rd parties, external customers, etc..).  Read Less
September 30, 2019
Jan Van Vliet
VP and GM EMEA
Digital Guardian
Organisations large and small all over the world have fallen victim to data privacy breaches and data loss – the impact of which could have been minimised, or prevented from happening in the first place. Cyber security programs should ensure that emphasis is placed on the security of the data itself – and not just on networks, servers and applications. Shifting the focus towards identifying, controlling and securing sensitive data assets may not prevent a cyber breach, but it will minimise .....Read More
Organisations large and small all over the world have fallen victim to data privacy breaches and data loss – the impact of which could have been minimised, or prevented from happening in the first place. Cyber security programs should ensure that emphasis is placed on the security of the data itself – and not just on networks, servers and applications. Shifting the focus towards identifying, controlling and securing sensitive data assets may not prevent a cyber breach, but it will minimise data loss – and hopefully the need to admit you should have known better.  Read Less
September 30, 2019
Anurag Kahol
CTO
Bitglass
Unfortunately, customers, delivery workers, and merchants impacted by this DoorDash incident are now vulnerable to the sinister designs of hackers both now and in the future. Malicious parties can use payment card information and personally identifiable information (PII) to make fraudulent purchases, to make a sale on the dark web for a quick profit, and much more. Additionally, a staggering 59% of consumers reuse passwords across multiple accounts. This means that if a cybercriminal.....Read More
Unfortunately, customers, delivery workers, and merchants impacted by this DoorDash incident are now vulnerable to the sinister designs of hackers both now and in the future. Malicious parties can use payment card information and personally identifiable information (PII) to make fraudulent purchases, to make a sale on the dark web for a quick profit, and much more. Additionally, a staggering 59% of consumers reuse passwords across multiple accounts. This means that if a cybercriminal appropriates a single password, then they can potentially gain access to a user's accounts across a number of services wherein said password is reused. As just one step in trying to control the damage, impacted users should change their passwords on all of the accounts where they used these now exposed credentials. Unfortunately, changing phone numbers and home or work addresses is not quite as easy. This event demonstrates why it is crucial for companies to do a better job at protecting data – particularly when so much of their business is conducted via the cloud and through digital services. Security solutions that enforce real-time access control, manage the sharing of data with external parties, encrypt data at rest, and prevent data leakage are critical for any organisation’s cybersecurity program.  Read Less
September 30, 2019
Erich Kron
Security Awareness Advocate
KnowBe4
This particular breach disclosed a significant amount of information, even though the passwords were hashed and salted. By using information from this breach, attackers could create a very convincing phishing email using your name, email address and phone number, along with the last four digits of the credit card and trick a person into believing it was legitimate. This is even worse for delivery drivers who have had their drivers' license number also compromised. Any time there is a lot of.....Read More
This particular breach disclosed a significant amount of information, even though the passwords were hashed and salted. By using information from this breach, attackers could create a very convincing phishing email using your name, email address and phone number, along with the last four digits of the credit card and trick a person into believing it was legitimate. This is even worse for delivery drivers who have had their drivers' license number also compromised. Any time there is a lot of correlated data in a breach, the bad guys can use that against people. The fact that this data has been available for so long before people were notified is unfortunate, especially when customers had reported suspicious activity so long ago. If you have ever wondered how scammers get the information they use to call people claiming that their Social Security Number is suspended, or that the IRS is going to arrest them, this is one way that it happens.  Read Less
September 30, 2019
Paul Bischoff
Privacy Advocate
Comparitech
The third-party provider did it" is becoming a common chorus among many companies whose data was breached or exposed. If you think you're only giving up information exclusively to one party when you sign up for any sort of account these days, you're very likely mistaken. Data sharing is common place, because not every company is equipped to secure, analyse, or exploit it. A food delivery service, for example, might not excel at digital advertising. So it contracts that part of its business out.....Read More
The third-party provider did it" is becoming a common chorus among many companies whose data was breached or exposed. If you think you're only giving up information exclusively to one party when you sign up for any sort of account these days, you're very likely mistaken. Data sharing is common place, because not every company is equipped to secure, analyse, or exploit it. A food delivery service, for example, might not excel at digital advertising. So it contracts that part of its business out to a third party. But those external providers aren't even on most consumers' radars, and they might not set as high of standards when it comes to securing data.  Read Less
September 30, 2019
George Wrenn
Founder and CEO
CyberSaint Security
Managing third-party vendors has become a leading concern for all businesses, especially technology companies. Many web-based organizations are leveraging cloud technologies from the beginning and that brings a host of assumptions regarding the vendor's security and opening themselves up to increased third-party risk. Technology-driven businesses must become significantly more diligent in their assessment of third-party vendors. Especially with a new business, where they haven't accrued years.....Read More
Managing third-party vendors has become a leading concern for all businesses, especially technology companies. Many web-based organizations are leveraging cloud technologies from the beginning and that brings a host of assumptions regarding the vendor's security and opening themselves up to increased third-party risk. Technology-driven businesses must become significantly more diligent in their assessment of third-party vendors. Especially with a new business, where they haven't accrued years of trustworthy service and a reputation for strong business practices, breaches like this can be especially damning. Cybersecurity leaders at these businesses need to look holistically at cyber risk management, both internal cybersecurity as well as third-party risk. Organizations must see vendor risk as paramount to their risk posture as their own internal cybersecurity practices.  Read Less
September 29, 2019
Ilia Kolochenko
Founder and CEO
ImmuniWeb
It would be premature to make any conclusions about the origins of the breach prior to a detailed technical investigation assisted by law enforcement agencies. A breach or data theft by a trusted third party, such as supplier or data analytics company, are nonetheless quite possible. Risks affiliated to insecure or careless third parties is an Achilles’ Heel of most modern companies and organizations. The problem is that monitoring and proper enforcement of third party cybersecurity is.....Read More
It would be premature to make any conclusions about the origins of the breach prior to a detailed technical investigation assisted by law enforcement agencies. A breach or data theft by a trusted third party, such as supplier or data analytics company, are nonetheless quite possible. Risks affiliated to insecure or careless third parties is an Achilles’ Heel of most modern companies and organizations. The problem is that monitoring and proper enforcement of third party cybersecurity is exorbitantly expensive and most companies, including the largest ones, simply cannot afford it. Affected users should urgently change their passwords if they were not absolutely unique and contact credit monitoring agencies. Later they will likely be able to get and accept a compensation proposal, join a class action or file an individual lawsuit to recover their losses. Pragmatically speaking, in this case, the first avenue may be the most profitable one if we compare legal costs and required time with the gain.  Read Less
September 27, 2019
Erich Kron
Security Awareness Advocate
KnowBe4
This particular breach disclosed a significant amount of information, even though the passwords were hashed and salted. By using information from this breach, attackers could create a very convincing phishing email using your name, email address and phone number, along with the last four digits of the credit card and trick a person into believing it was legitimate. This is even worse for delivery drivers who have had their drivers' license number also compromised. Any time there is a lot of.....Read More
This particular breach disclosed a significant amount of information, even though the passwords were hashed and salted. By using information from this breach, attackers could create a very convincing phishing email using your name, email address and phone number, along with the last four digits of the credit card and trick a person into believing it was legitimate. This is even worse for delivery drivers who have had their drivers' license number also compromised. Any time there is a lot of correlated data in a breach, the bad guys can use that against people. The fact that this data has been available for so long before people were notified is unfortunate, especially when customers had reported suspicious activity so long ago. If you have ever wondered how scammers get the information they use to call people claiming that their Social Security Number is suspended, or that the IRS is going to arrest them, this is one way that it happens.  Read Less
September 27, 2019
Kevin Gosschalk
CEO
Arkose Labs
Companies have spent millions of dollars trying to collect user data that can help them predict behavior, but fraudsters are acquiring this lucrative user data rather easily – one breach at a time. With each data breach, cybercriminals can build a complete profile of user identity and use those insights to create new inauthentic profiles which will be used for further malicious activity. This has affected every touchpoint in the DoorDash community, exposing its customers, delivery workers and .....Read More
Companies have spent millions of dollars trying to collect user data that can help them predict behavior, but fraudsters are acquiring this lucrative user data rather easily – one breach at a time. With each data breach, cybercriminals can build a complete profile of user identity and use those insights to create new inauthentic profiles which will be used for further malicious activity. This has affected every touchpoint in the DoorDash community, exposing its customers, delivery workers and valued merchants. The digital economy is powered by trust, and that becomes increasingly more important with these types of sharing economy companies who rely on collaboration and communication through trusted parties. This adds to the growing cybersecurity ecosystem full of sophisticated and connected networks that have been fed by each preceding breech. This gives fraudsters easy access to a host of compromised credentials from various, disconnected attacks. When combined, fraudsters are granted access to a significant amount of customer data that can easily be used for weaponization not only now, but in the future as that ecosystem continues to grow. As long as there is money to be made in the world of cybercrime, fraudsters will continue to find a way to breach credentials and subsequently monetize them. It is crucial now more than ever, to take an approach that is rooted in long term eradication of the business of fraud by breaking down the economic incentive.  Read Less
September 27, 2019
Colin Bastable
CEO
Lucy Security
Doordash does more than take a bite out of your food... Once again, third party risk exposes consumers’ data to the Dark Web. Just because the passwords are hashed and salted does not mean that this was an innocuous hack. 4.9 million consumers names, email addresses, phone numbers, addresses are available to be exploited multiple times over the next few years. In the race to grab market share, businesses like DoorDash place security too far down the list. Outsourcing data insources.....Read More
Doordash does more than take a bite out of your food... Once again, third party risk exposes consumers’ data to the Dark Web. Just because the passwords are hashed and salted does not mean that this was an innocuous hack. 4.9 million consumers names, email addresses, phone numbers, addresses are available to be exploited multiple times over the next few years. In the race to grab market share, businesses like DoorDash place security too far down the list. Outsourcing data insources cyber-insecurity, and consumers pay the price of a carelessly clicked email phishing link or a targeted spearphishing attack.  Read Less
September 27, 2019
Stephan Chenette
Co-Founder and CTO
AttackIQ
Almost exactly a year ago DoorDash customers’ notified the company their accounts were hacked in an apparent data breach. Now, DoorDash is facing yet another security issue affecting 4.9 million customers, workers and merchants. Breached information includes names, hashed and salted passwords, payment card information, among other personally identifiable information. Furthermore, delivery workers and merchants’ bank account numbers were stolen. This incident is a good reminder that it’s.....Read More
Almost exactly a year ago DoorDash customers’ notified the company their accounts were hacked in an apparent data breach. Now, DoorDash is facing yet another security issue affecting 4.9 million customers, workers and merchants. Breached information includes names, hashed and salted passwords, payment card information, among other personally identifiable information. Furthermore, delivery workers and merchants’ bank account numbers were stolen. This incident is a good reminder that it’s not just customers who are impacted when a breach occurs. Given their service model, DoorDash must maintain the trust of workers and merchants in order to survive, and protecting their sensitive data is a big part of maintaining that trust. Organizations should continuously assess the viability of their security controls to make sure that they are enabled, configured correctly and operating effectively. Cybercriminals are continuously looking for gaps in security defenses and overlooked basic security misconfigurations, to turn a quick profit. It shouldn’t take a massive breach for companies to realize they need a more proactive approach to strengthen security.  Read Less
September 27, 2019
Chris DeRamus
VP of Technology Cloud Security Practice
Rapid7
Since its founding in 2013, DoorDash has quickly become the biggest on-demand food delivery app in the U.S. and is the first of its kind to provide availability in all 50 states. 2019 is already on track to become the worst year for data breaches yet. In today's digital era and with the rise of the gig economy, reliance on cloud and container infrastructure is a critical part of the workforce. Companies such as DoorDash, whose entire platform between delivery worker, customer and restaurant is .....Read More
Since its founding in 2013, DoorDash has quickly become the biggest on-demand food delivery app in the U.S. and is the first of its kind to provide availability in all 50 states. 2019 is already on track to become the worst year for data breaches yet. In today's digital era and with the rise of the gig economy, reliance on cloud and container infrastructure is a critical part of the workforce. Companies such as DoorDash, whose entire platform between delivery worker, customer and restaurant is driven through a digital application, need to invest in improving their cloud infrastructure to safeguard not only customer data but the future success of the company. Organizations struggle to adopt and enforce best practices consistently and continue to lack the proper tools that identify and remediate insecure cloud configurations on a continuous basis. Only 100% consistency in implementing best practices, policies and tools can ensure protection against a breach. Automated security solutions are the only way to ensure proper security is enforced at all times.  Read Less
What do you think of the topic? Do you agree with expert(s) or share your expert opinion below.
Be part of our growing Information Security Expert Community (1000+), please register here.