DoorDash, the food delivery company, said that 4.9 million customers, delivery workers and merchants had their information stolen by hackers. According to a report on Techcrunch.com, the breach occurred on May 4, but added that customers who joined after April 5, 2018 are not affected by the breach. DoorDash is blaming the breach on a third-party service provider, who it did not name. The company said it immediately launched an investigation and engaged outside security experts to evaluate the damage.
Details of the Breach
Users who joined the platform before April 5, 2018 had their name, email and delivery addresses, order history, phone numbers, and hashed and salted passwords stolen. The company also said consumers had the last four digits of their payment cards taken, although full numbers and card verification values (CVV) were not taken. Both delivery workers and merchants had the last four digits of their bank account numbers stolen. Around 100,000 delivery workers also had their driver’s license information stolen in this breach.
This news comes nearly one year after the food delivery company’s customers complained that their accounts had been hacked. At the time, the company denied a data breach and said attackers were running credential stuffing attacks where hackers take lists of stolen usernames and passwords and try them on other sites that use the same passwords. But, many customers at the time said their passwords were unique to DoorDash.
What Steps Can You Take?
If you have been the victim of a data breach, here are a few steps you can take to protect yourself. Check your credit reports from all three companies (Equifax, Experian and TransUnion) for free by visiting annualcreditreport.com. If you find accounts or activity you do not recognize, those are signs that could mean your identity has been stolen.
It might be a good idea to place a credit freeze on your files. This will make it more difficult for someone to open a new account in your name. A credit freeze, however, will not prevent a thief from making charges to your existing accounts.
Carefully monitor your existing credit card and bank accounts for any unauthorized charges. If you don’t want a credit freeze, consider placing a fraud alert on your files. This will warn creditors that you may be an identity theft victim and that they should verify if anyone seeking credit in your name is actually you. Contact an experienced California class action attorney who can give you more information about pursuing your legal rights.
Source: https://techcrunch.com/2019/09/26/doordash-data-breach/
