DoorDash data breach affects 4.9 million users — Have you been affected?

DoorDash, an app-based food-delivery service, disclosed a data breach affecting 4.9 million people.

Who could be affected? Drivers, restaurants, and customers.

The company said in a blog post, user information was accessed by an unauthorized third party. Here’s a partial list of personal data that could have been affected.

• Names
• Email addresses
• Delivery addresses
• Phone numbers
• Hashed and salted passwords (which can make the passwords indecipherable to third parties). 

The DoorDash data breach occurred on May 4, 2019. Only users who joined the platform on or before April 5, 2018 were affected. Those nearly 5 million accounts include customers who order food, restaurants that prepare it, and “Dashers,” the drivers who deliver it.

What other information was accessed in the DoorDash data breach?

For some users, additional information was exposed in the DoorDash data breach. Here are the details and who might be impacted.

Customers. The DoorDash data breach accessed the last four digits of consumer payment cards for some customers, but not the full credit card information.

Drivers and merchants. Dashers and merchants may have had the last four digits of their bank account numbers accessed.

Drivers. The driver’s license numbers of about 100,000 Dashers was accessed.

What if I joined DoorDash after April 5, 2018?

DoorDash said it has no evidence to indicate that users who joined after April 5, 2018 were affected.

It added that “not necessarily” everyone who joined on or before that date was affected by the breach. The company is reaching out directly to notify those who were impacted.

What is DoorDash doing to help victims of the breach?

Security notice. DoorDash posted a security notice for people who may have been affected by the breach. You can find it here.

Password updates. The company has said that although it does not believe passwords were compromised, it is nonetheless encouraging those affected to reset their passwords on their DoorDash accounts out of an abundance of caution. You can do that here.

Call center. DoorDash has set up a call center to answer your questions. The number is 855–646–4683.

What can I do to help protect myself?

It’s smart to take steps to help protect yourself after any data breach, including these.

• Reset your password on your account. In general, it’s a good idea to create unique, strong passwords on all your accounts. If you used your DoorDash password for any of your other accounts, be sure to update those login credentials.
• Monitor your payment card statements. Although the DoorDash breach didn’t expose full bank card numbers, it’s always a good idea to check your statements for suspicious charges.

What else can you do? The DoorDash data breach is a reminder that there’s not much you can do to protect information you provide to apps and online accounts. It’s a good idea to limit how much information you provide and to watch for signs of identity theft after a data breach.