Another day, another data breach. This time it’s thanks to DoorDash and “unusual activity involving a third-party service provider.” 4.9 million customers are affected.
This unauthorized third party accessed DoorDash user data on May 4, 2019. 4.9 million customers, Dashers, and merchants who joined on or before April 5, 2018 are affected. Those who joined after this date are not (but change your password anyway). Here’s the data that was leaked:
Profile information including names, email addresses, delivery addresses, order history, phone numbers, as well as hashed, salted passwords — a form of rendering the actual password indecipherable to third parties.
For some consumers, the last four digits of consumer payment cards. However, full credit card information such as full payment card numbers or a CVV was not accessed. The information accessed is not sufficient to make fraudulent charges on your payment card.
For some Dashers and merchants, the last four digits of their bank account number. However, full bank account information was not accessed. The information accessed is not sufficient to make fraudulent withdrawals from your bank account.
For approximately 100,000 Dashers, their driver’s license numbers were also accessed.
DoorDash is reaching out to affected customers, and you can visit this page to reset your password.
[Keychain 101: Getting Started with Apple’s Password Manager]