Door Dash has issued an “important security notice” and confirmed the service has experienced a data breach.
The food delivery service announced in a blog post that the data of approximately 4.9 million consumers, drivers and merchants was accessed by an unauthorized third party.
Door Dash said they became aware of unusual activity involving a third-party service provider in early September and after an investigation, it was determined that some user data was accessed on May 4.
However, the company added that users who joined after April 5, 2018 were not affected.
Door Dash says they have taken a number of steps to further secure its users data, including adding additional security layers around the data, improving security protocols and bringing in outside experts to increase its ability to identify and prevent threats.
According to the company, the type of user data accessed could include:
- Profile information including names, email addresses, delivery addresses, order history, phone numbers, as well as hashed, salted passwords — a form of rendering the actual password indecipherable to third parties.
- For some consumers, the last four digits of consumer payment cards. However, full credit card information such as full payment card numbers or a CVV was not accessed. The information accessed is not sufficient to make fraudulent charges on your payment card.
- For some Dashers and merchants, the last four digits of their bank account number. However, full bank account information was not accessed. The information accessed is not sufficient to make fraudulent withdrawals from your bank account.
- For approximately 100,000 Dashers, their driver’s license numbers were also accessed.
Door Dash is encouraging all users affected to reset their passwords.
For further information, click here to see the company’s FAQ page below. 24/7 support is also available for affected users via a dedicated call center at 855–646–4683.