According to DoorDash, a food delivery service, hackers stole the personal information of 4.9 million customers, delivery personnel, and merchants. According to a report on Techcrunch.com, the breach occurred on May 4, but customers who joined after April 5, 2018, were unaffected by the data breach.
DoorDash is blaming the breach on a third-party service provider, who it did not name. The company immediately investigated and engaged outside security experts to evaluate the damage.
Details of the Breach
Users who joined the platform before April 5, 2018, had their names, email and delivery addresses, order history, and phone numbers stolen, as well as their hashed and salted passwords. The company also said consumers had the last four digits of their payment cards taken, although full numbers and card verification values (CVV) were not taken.
The last four digits of both delivery workers’ and merchants’ bank account numbers were stolen in this breach. Around 100,000 delivery workers also had their driver’s license information stolen.
This news comes nearly one year after the food delivery company’s customers complained that their accounts had been hacked. At the time, the company denied a data breach and said attackers were running credential stuffing attacks, where hackers take lists of stolen usernames and passwords and try them on other sites that use the same passwords. But, many customers at the time said their passwords were unique to DoorDash.
What Steps Can You Take?
If you have been the victim of a data breach, here are a few steps you can take to protect yourself. Check your credit reports from all three companies (Equifax, Experian and TransUnion) for free by visiting annualcreditreport.com. If you find accounts or activities you do not recognize, those are signs that could mean your identity has been stolen.
A credit freeze on your files might be a good idea. This will make it more difficult for someone to open a new account in your name. However, a credit freeze will not prevent a thief from making charges to your existing accounts.
Carefully monitor your existing credit card and bank accounts for any unauthorized charges. If you don’t want a credit freeze, consider placing a fraud alert on your files. This will warn creditors that you may be an identity theft victim and that they should verify if anyone seeking credit in your name is actually you. Contact an experienced California class action attorney who can give you more information about pursuing your legal rights.
Source: https://techcrunch.com/2019/09/26/doordash-data-breach/