DoorDash Breach - August 4, 2022

DoorDash is known for its food and grocery delivery services across the US, Canada, and Australia. With more than 100,000 delivery drivers between the US and Canada and more than 20 million active customers, DoorDash is responsible for 59% of the food delivery market in America.

What Was the Breach?

The breach was an attack by the same people responsible for the Twilio hack. When the attackers gained access to the Twilio servers, they also gained access to their affiliates, such as Signal, Cloudflare, and DoorDash.

How Did the Breach Occur?

The information of many of its customers was accessed by hackers when a phishing campaign on Twilio succeeded, gathering the information of many of Twilio's corporate clients. The attackers had access to all of Twilio's clients and could have accessed any accounts outside of Twilio with the stolen information.

When Did This Breach Occur?

This breach occurred on August 4th, 2022.

Who Does the Breach Impact?

DoorDash released that the breach affected 4.9 million users, including merchants, drivers, and customers. Any DoorDash customers affected may have had their phone number, email, delivery address, and name exposed to the hackers.

How Many Files Does the Breach Affect?

“Importantly, the phishing campaign did not compromise sensitive information and we have no reason to believe that affected personal information has been misused for fraud or identity theft at this time,” DoorDash stated on its blog. “Based on our investigation to date, the information accessed by the unauthorized party did not include passwords, full payment card numbers, bank account numbers, or Social Security or Social Insurance numbers.” Find out more by reading DoorDash Hit By Same Hackers as Twilio Breach.