DoorDash Admits to Data Breach; 4.9 Million Customers, Drivers Affected - NBC Bay Area
San Francisco

San Francisco

The latest news from around San Francisco

DoorDash Admits to Data Breach; 4.9 Million Customers, Drivers Affected

Personal Information Including addresses, phone numbers accessed



    Battle of the Bays: The Backstory You Need
    Getty Images
    This Oct. 9, 2018, file photo shows an insulated delivery bag with the logo for food delivery app Doordash, in the front seat of a Doordash delivery vehicle in Walnut Creek, California.

    What to Know

    • DoorDash says a data breach affected 4.9 million of its customers and drivers

    • Hackers accessed information including encrypted passwords, partial account numbers, addresses, and driver's license numbers

    • The delivery app company set up a phone number for concerned customers: 855–646–4683

    DoorDash is delivering bad news to millions of its customers and drivers: their data may have been accessed by hackers.

    In a blog post made Thursday on its website, San Francisco-based DoorDash said an "unauthorized third party" gained access to data for about 4.9 million users earlier this year.

    "Earlier this month, we became aware of unusual activity involving a third-party service provider," DoorDash said. "We took immediate steps to block further access by the unauthorized third party and to enhance security across our platform. We are reaching out directly to affected users."

    DoorDash did not immediately respond to an email inquiry from NBC Bay Area on Thursday afternoon.

    What You Should Know About the Equifax Settlement

    [NATL] What You Should Know About the Equifax Settlement

    Nearly 150 million people could be affected by the largest-ever settlement for a data breach.

    (Published Monday, July 22, 2019)

    According to the post, only users who signed up for DoorDash on or before April 5, 2018 are impacted. Anyone who signed up later than that should not be affected, DoorDash said.

    DoorDash operates a popular food-delivery app, using an Uber-like model connecting drivers and cyclists with hungry customers. Car and bicycle owners can sign up to be delivery drivers, or "Dashers," and receive payment for picking food up at restaurants and bringing it to diners' doorsteps.

    The DoorDash post said hackers infiltrated its system on May 4, and accessed information including customer names, emails, addresses, phone numbers, and encrypted passwords. DoorDash said the passwords could not be deciphered, but it advised customers to change their passwords just in case.

    The company said hackers also accessed the last four digits of some payment cards and bank account numbers, but not full numbers or the three-digit CVV required to authorize payment. DoorDash said full account information was not exposed.

    Drivers are affected, too. DoorDash said about 100,000 of its Dashers' drivers license numbers were exposed.

    While the company reaches out to affected users, it has listed detailed information about the data breach in its blog post. Concerned customers and drivers can also call 855–646–4683 to learn more.

    More Than 100 Million Affected by Capital One Breach

    [NATL]More Than 100 Million Affected by Capital One Breach

    Capital One says a hacker got access to the personal information of over 100 million individuals applying for credit.

    (Published Monday, July 29, 2019)
    Get the latest from NBC Bay Area anywhere, anytime
    • Download the App

      Available for IOS and Android