DoorDash Announces Privacy Breach, Urges Customers To Change Passwords
LOS ANGELES (CBSLA) — A privacy breach involving millions of DoorDash customers may have compromised user data including names, phone numbers and even partial credit card numbers, the company announced Thursday.
Emails sent to affected DoorDash users revealed an "unauthorized third party" accessed the mobile delivery company's user data back on May 4. The company said approximately 4.9 million customers, drivers and merchants who joined the app on or before April 5, 2018, were affected.
According to the email, profile information including names, email addresses, delivery addresses, order history, phone numbers, "hashed" passwords, and for some users, the last four digits of consumer payment cards.
Doordash added that full credit card information was not accessed, meaning the data "is not sufficient to make fraudulent charges on your payment card."
The company says it immediately blocked the unauthorized user and are working to improve security protocols.
In the meantime, users were encouraged to change their account passwords.
"We do not believe that user passwords have been compromised, but out of an abundance of caution, we are encouraging all of those affected to reset their passwords to one that is unique to DoorDash," the company said in a statement.
Users can get more info on the DoorDash site or via a dedicated call center available 24 hours a day at (855) 646-4683.