Contact and Location Details Among Compromised Information
DoorDash confirmed a data breach that exposed names, email addresses, phone numbers, and physical addresses belonging to an unspecified number of users. The company said the incident affected customers, delivery workers, and merchants. Despite the theft of contact and location data, DoorDash stated that “no sensitive information was accessed by the unauthorized third party and we have no indication the data has been misused for fraud or identity theft at this time.”
Breach Tied to Social Engineering Attack
According to a post published last week, the breach began when an employee fell victim to a social engineering attack. DoorDash said it cut off the intruders’ access after detecting the activity, launched an internal investigation, and notified law enforcement.
No Financial or Government Identification Data Stolen
The company said the attackers did not obtain Social Security numbers, other government-issued identification numbers, driver’s license information, or bank or payment card details. DoorDash stated that it has notified impacted users.
Company Declines to Share Total Number of Victims
When asked how many people were affected, spokesperson Michelle Babin did not provide a figure. Instead, Babin sent a statement that aligned with the information in the company’s blog post.
Featured image credits: Marques Thomas via Unsplash
For more stories like it, click the +Follow button at the top of this page to follow us.