Hackers gain access to DoorDash's customer information and payment data

[email protected]

Published on 08/26/2022

 

Hackers gain access to DoorDash's customer information and payment data

As of 26th August 2022, DoorDash , a food delivery giant, has confirmed a data breach within its systems. This data breach has exposed its customer's personal information and payment details. According to DoorDash, malevolent hackers acquired employee login information from a third-party vendor. The hackers used this information to access some of DoorDash's internal data.

Following this incident, DoorDash has also added that it has cut off the third part vendor's access to its systems. This was done after DoorDash noted "unusual and suspicious" activity. The company has not named the third-party vendor whose system was compromised. However, Justin Crowley, the spokesperson for DoorDash, has said that the third-party vendor only had limited access to some of DoorDash's internal tools. While shedding light on the hacking incident, he said the breach was linked to a phishing campaign. This campaign is said to have compromised Twilio , a messaging firm, on 4th August.

The data breach that affected DoorDash's systems exposed the personal information of its customers. This includes access to names, delivery addresses, phone numbers and email addresses. In addition, hackers gained limited access to payment card data for a "smaller subset" of users, including the card type and the card number's last four digits.

Furthermore, the information of Dashers or DoorDash delivery drivers was also impacted by this breach. The company, however, stated that the attackers accessed only its Dashers' names, email addresses and phone numbers.

Even though the firm has said that the breach impacted only a "small percentage" of its users, it has not given any numbers surrounding the incident. Neither has the company mentioned when the breach took place. However, DoorDash has claimed that it took the time to "fully investigate" the incident and take account of everything that was impacted due to it. The company has also hired a cybersecurity expert to aid in the investigation. However, the details of the cybersecurity expert were not disclosed.

Considering the nature of this attack, many experts believe that this attack is part of a more extensive phishing campaign. The hacking group behind these attacks is called "0ktapus". It has been reported that this hacking group has stolen the credentials of approximately 10,000 employees from over 130 organizations. Some organizations include Signal, Twilio and other internet companies and outsourced customer service providers. These attacks have been carried out since March of this year.

Nevertheless, this data breach was not the first time DoorDash experienced a cybersecurity threat. In 2019, the firm was affected by a data breach that impacted the data of nearly 4.9 million customers, merchants and delivery agents. That breach, too, was blamed on a third-party vendor.

About DoorDash

In 2013, the San Francisco-based business DoorDash Drive made its debut. Andy Fang, Evan Moore, Stanley Tang, and Tony Xu are the founders of the business. It is an online platform for food delivery that seeks to connect clients with national, regional, and global companies. Since its inception, it has expanded beyond meal delivery to include other retail goods. By expediting the door-to-door delivery process and serving as a source of money for them, their goal is to help local companies. The company operates in the US, Canada, Japan, Germany and Australia.

Profile picture for user news@insiderapps.com
Peter Daniels
Peter Daniels is the lead journalist for InsiderApps.com


The business app store.
All the best web apps you need for your business. Curated and compared.
1,000+ Apps for every business category you can imagine. We independently review and compare software applications to find you the best ones for you what you need.
To accomplish your goals, you need the right tools.

interview news apps

FairPlay AI

Fair lending and Decision Analysis platform

Collaborator Pro

Direct Advertising Exchange Platform

Echobot

Sales intelligence solution for compliant B2B data

CSS Hero

WordPress Plugin to Customize Themes with Ease

Adalo

No Code Software Development

ContentStudio

Content Marketing & Social Media Management Tool

Hosthub

Channel Manager and PMS for Short Term Rentals

BrainCert

Unified training platform for remote teams

Lifesize

audio and video conferencing for teams.

Profit.co

OKR solution to help you define OKRs at every level of your organization

Squibler

All-in-One Writing Platform

InboxAlly

Email Deliverability Tool