DoorDash confirms data breach affected 4.9 million customers, workers and merchants – TechCrunch
DoorDash has confirmed a data breach. The food delivery company said in a blog post Thursday that 4.9 million customers, delivery workers and merchants had their information stolen by hackers. The breach happened on May 4, the company said, but added that customers who joined after April 5, 2018 arâ¦
TechCrunch is reporting that DoorDash confirmed a data breach of 4.9 million customers, delivery workers and merchants.
DoorDash spokesperson Mattie Magdovitz blamed the breach on “a third-party service provider,” but the third-party was not named. “We immediately launched an investigation and outside security experts were engaged to assess what occurred,” she said. Users who joined the platform before April 5, 2018 had their name, email and delivery addresses, order history, phone numbers, and hashed and salted passwords stolen.
NEWS INSIGHTS: According to Colin Bastable, CEO of Lucy Security:
“Doordash does more than take a bite out of your food… Once again, third party risk exposes consumers’ data to the Dark Web. Just because the passwords are hashed and salted does not mean that this was an innocuous hack. 4.9 million consumers names, email addresses, phone numbers, addresses are available to be exploited multiple times over the next few years. In the race to grab market share, businesses like DoorDash place security too far down the list. Outsourcing data insources cyber-insecurity, and consumers pay the price of a carelessly clicked email phishing link or a targeted spearphishing attack.”