DoorDash breach exposes data of nearly 5 mn users

San Francisco-based startup DoorDash said it noticed unusual activity and discovered user data was accessed by an unauthorized t
San Francisco-based startup DoorDash said it noticed unusual activity and discovered user data was accessed by an unauthorized third party in May

On-demand restaurant meal delivery service DoorDash on Thursday said a breach of its system exposed nearly five million customers, eateries and "Dashers" to a data breach.

The San Francisco-based startup, which competes in North America with Uber Eats and GrubHub, said it noticed unusual activity early this month and discovered DoorDash user data was accessed by "an unauthorized third party" in May.

DoorDash assured users in an online post that it immediately blocked the intruder's cyber access and enhanced system security.

Data was exposed regarding approximately 4.9 million consumers, merchants and people who joined the meal delivery platform on or before April 5 of last year, according to DoorDash.

Information included names, phone numbers, and email and delivery addresses, along with passwords scrambled to be indecipherable, DoorDash said.

The last four digits of some customers' , as well as the final four digits of merchant and delivery people's , were also exposed in some cases.

"The information accessed is not sufficient to make fraudulent charges on your payment card" or withdrawals from bank accounts, DoorDash said.

Driver's license numbers for some 100,000 delivery people, referred to as "Dashers," were also exposed.

DoorDash said it did not believe passwords were compromised, but advised users to change them to be safe.

"We deeply regret the frustration and inconvenience that this may cause you," DoorDash said.

"Every member of the DoorDash community is important to us, and we want to assure you that we value your security and privacy."

DoorDash at the end of last year was the leading US service to use a mobile app to match restaurant take-away orders with people willing to deliver the meals for a price.

DoorDash in August announced it was acquiring crosstown rival Caviar in a deal valued at $410 million.

DoorDash said it made the cash-and-stock deal with Square, the digital payments firm led by Twitter founder Jack Dorsey, which acquired Caviar in 2014.

While both firms offer on-demand delivery from restaurants online and using smartphone apps, they have different geographic "footprints" and restaurant partnerships.

"The addition of Caviar's premium restaurants, with whom DoorDash will work closely to drive their growth, will enable the combined organization to cater to every food preference and occasion," a statement from the companies said at the time.

DoorDash, founded in 2013 by Tony Xu and two other Stanford University students, serves some 4,000 cities in the United States and Canada and reaches some 80 percent of US households.

DoorDash was in the news earlier this year over a tipping policy that allowed the company to use consumer tips to make up base pay for its delivery contractors, a policy that was later modified.


Explore further

GM and DoorDash to deliver food with self-driving cars

© 2019 AFP

Citation: DoorDash breach exposes data of nearly 5 mn users (2019, September 27) retrieved 3 August 2020 from https://techxplore.com/news/2019-09-doordash-breach-exposes-mn-users.html
This document is subject to copyright. Apart from any fair dealing for the purpose of private study or research, no part may be reproduced without the written permission. The content is provided for information purposes only.
9 shares

Feedback to editors

User comments