Nearly five million people subscribed to the DoorDash food delivery service had their financial and personal information compromised, the company said Thursday.
A statement released by DoorDash said the company discovered that an unauthorized third party accessed the service’s database.
Users who signed up after April 5, 2018 are not affected.
Subscribers who joined prior to that date may have had data breached that includes “names, email addresses, delivery addresses, order history, phone numbers, as well as hashed, salted passwords — a form of rendering the actual password indecipherable to third parties,” DoorDash said.
The company assures subscribers that full credit card information, including CVV numbers, were not accessed; however, the last four digits of the cards may have been acquired by hackers.
Full bank account information necessary to make withdrawals from a bank account was not breached, the company said, but roughly 100,000 driver’s license numbers were accessed.
DoorDash said they are reaching out to affected users to inform them exactly what information was breached.
The company stated they are adding new layers of security to protect customers and while it’s unclear whether passwords have been compromised, subscribers are urged to create new, more secure login information.
DoorDash has established a call center for concerned subscribers to call for more information. The company can be reached at 855–646–4683.AlertMe