Emerging Threats

DoorDash data breach affects 4.9 million users — Have you been affected?

DoorDash, an app-based food-delivery service, disclosed a data breach affecting 4.9 million people.

Who could be affected? Drivers, restaurants, and customers.

The company said in a blog post, user information was accessed by an unauthorized third party. Here’s a partial list of personal data that could have been affected.

  • Names
  • Email addresses
  • Delivery addresses
  • Phone numbers
  • Hashed and salted passwords (which can make the passwords indecipherable to third parties). 

The DoorDash data breach occurred on May 4, 2019. Only users who joined the platform on or before April 5, 2018 were affected. Those nearly 5 million accounts include customers who order food, restaurants that prepare it, and “Dashers,” the drivers who deliver it.

What other information was accessed in the DoorDash data breach?

For some users, additional information was exposed in the DoorDash data breach. Here are the details and who might be impacted.

Customers. The DoorDash data breach accessed the last four digits of consumer payment cards for some customers, but not the full credit card information.

Drivers and merchants. Dashers and merchants may have had the last four digits of their bank account numbers accessed.

Drivers. The driver’s license numbers of about 100,000 Dashers was accessed.

What if I joined DoorDash after April 5, 2018?

DoorDash said it has no evidence to indicate that users who joined after April 5, 2018 were affected.

It added that “not necessarily” everyone who joined on or before that date was affected by the breach. The company is reaching out directly to notify those who were impacted.

What is DoorDash doing to help victims of the breach?

Security notice. DoorDash posted a security notice for people who may have been affected by the breach. You can find it here.

Password updates. The company has said that although it does not believe passwords were compromised, it is nonetheless encouraging those affected to reset their passwords on their DoorDash accounts out of an abundance of caution. You can do that here.

Call center. DoorDash has set up a call center to answer your questions. The number is 855–646–4683.

What can I do to help protect myself?

It’s smart to take steps to help protect yourself after any data breach, including these.

  • Reset your password on your account. In general, it’s a good idea to create unique, strong passwords on all your accounts. If you used your DoorDash password for any of your other accounts, be sure to update those login credentials.
  • Monitor your payment card statements. Although the DoorDash breach didn’t expose full bank card numbers, it’s always a good idea to check your statements for suspicious charges.

What else can you do? The DoorDash data breach is a reminder that there’s not much you can do to protect information you provide to apps and online accounts. It’s a good idea to limit how much information you provide and to watch for signs of identity theft after a data breach. 

Cyber threats have evolved, and so have we.

Comprehensive protection from the ever-changing threats to your connected world. NortonTM 360 with LifeLockTM


Editorial note: Our articles provide educational information for you. Norton LifeLock offerings may not cover or protect against every type of crime, fraud, or threat we write about. Our goal is to increase awareness about cyber safety. Please review complete Terms during enrollment or setup. Remember that no one can prevent all identity theft or cybercrime, and that LifeLock does not monitor all transactions at all businesses.

Norton by Symantec is now Norton LifeLock. LifeLock™ identity theft protection is not available in all countries.

Copyright © 2019 Symantec Corporation. All rights reserved. Symantec, the Symantec logo, the Checkmark logo, Norton, Norton by Symantec, LifeLock and the LockMan logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the United States and other countries. Firefox is a trademark of Mozilla Foundation. Android, Google Chrome, Google Play and the Google Play logo are trademarks of Google, LLC. Mac, iPhone, iPad, Apple and the Apple logo are trademarks of Apple Inc., registered in the United States and other countries. App Store is a service mark of Apple Inc. Microsoft and the Windows logo are trademarks of Microsoft Corporation in the United States and/or other countries. The Android robot is reproduced or modified from work created and shared by Google and used according to terms described in the Creative Commons 3.0 Attribution Licence. Other names may be trademarks of their respective owners.