Malicious actors gained personally identifiable information of both customers and workers of DoorDash, the US food delivery platform revealed in a statement on Aug. 25.
The data breach occurred after a third-party vendor fell victim to a phishing attack that let hackers steal employee credentials and access internal tools, according to the statement.
“We recently became aware that a third-party vendor was the target of a sophisticated phishing campaign and that certain personal information maintained by DoorDash was affected,” the notice reads.
In the data breach notice, DoorDash didn’t disclose the number of impacted customers. The company, however, has disclosed the type of customer and employee information exposed, and this includes:
“Based on our investigation to date, the information accessed by the unauthorized party did not include passwords, full payment card numbers, bank account numbers, or Social Security or Social Insurance numbers,” DoorDash added.
The company also said it has seen no evidence of the misuse of the exposed personal data, such as identity theft or fraud.
In response to the data breach, DoorDash said it immediately cut off the link with the third-party vendor and that it’s working on enhancing security of their internal and third-party vendors’ security systems. The company also said it's working alongside police to find the culprits.
DoorDash customers are urged to remain vigilant for unsolicited emails, texts or phone calls asking for personal info, and to never click or download attachments for unsolicited correspondence.
Bitdefender Digital Identity Protection continuously monitors your personal information, alerting you in real time in case of data breaches and leaks. This lets you immediately change your passwords and secure your accounts to prevent financial loss or even social media impersonation, which can ruin your reputation.
Managing your digital footprint has never been easier. With our dedicated privacy tool, you can:
· Discover the extent of your digital footprint
· Find out if your personal information was exposed in legal and illegal collections of data
· Benefit from 24/7 data breach monitoring for up to five email addresses
· Get instant alerts to new breaches and privacy threats
· Detect social media impersonators