CHICAGO — DoorDash reported a security breach that has impacted nearly 5 million of its users.
On Thursday, the food delivery app announced approximately 4.9 million users including delivery drivers and merchants were affected.
The company said an unauthorized third party accessed user data on May 4, 2019.
The data included names, email addresses, delivery addresses, order history and phone numbers.
According to DoorDash’s website, partial credit card numbers were also accessed:
- For some consumers, the last four digits of consumer payment cards. However, full credit card information such as full payment card numbers or a CVV was not accessed. The information accessed is not sufficient to make fraudulent charges on your payment card.
- For some Dashers and merchants, the last four digits of their bank account number. However, full bank account information was not accessed. The information accessed is not sufficient to make fraudulent withdrawals from your bank account.
- For approximately 100,000 Dashers, their driver’s license numbers were also accessed.
DoorDash said they were reaching out directly to affected users. And while not all users’ information was compromised they are advising everyone to change their passwords.
We are reaching out directly to affected users with specific information about what was accessed,” the company said on their website. “We do not believe that user passwords have been compromised, but out of an abundance of caution, we are encouraging all of those affected to reset their passwords to one that is unique to DoorDash.
Anyone who joined the app after April 5, 2018 was not affected
DoorDash said it has taken additional security steps including adding “additional protective security layers around the data, improving security protocols that govern access to our systems, and bringing in outside expertise to increase our ability to identify and repel threats.”
More information can be found on their website or by calling a call center available 24/7 for support at 855–646–4683.