News Insights: DoorDash confirms data breach affected 4.9 million customers, workers and merchants – TechCrunch

TechCrunch is reporting that DoorDash confirmed a data breach of 4.9 million customers, delivery workers and merchants.

DoorDash spokesperson Mattie Magdovitz blamed the breach on “a third-party service provider,” but the third-party was not named. “We immediately launched an investigation and outside security experts were engaged to assess what occurred,” she said. Users who joined the platform before April 5, 2018 had their name, email and delivery addresses, order history, phone numbers, and hashed and salted passwords stolen.

https://techcrunch.com/2019/09/26/doordash-data-breach/

NEWS INSIGHTS: According to Colin Bastable, CEO of Lucy Security:

“Doordash does more than take a bite out of your food… Once again, third party risk exposes consumers’ data to the Dark Web. Just because the passwords are hashed and salted does not mean that this was an innocuous hack. 4.9 million consumers names, email addresses, phone numbers, addresses are available to be exploited multiple times over the next few years. In the race to grab market share, businesses like DoorDash place security too far down the list.  Outsourcing data insources cyber-insecurity, and consumers pay the price of a carelessly clicked email phishing link or a targeted spearphishing attack.”