DoorDash is known for its food and grocery delivery services across the US, Canada, and Australia. With more than 100,000 delivery drivers between the US and Canada and more than 20 million active customers, DoorDash is responsible for 59% of the food delivery market in America.
The breach was an attack by the same people responsible for the Twilio hack. When the attackers gained access to the Twilio servers, they also gained access to their affiliates, such as Signal, Cloudflare, and DoorDash.
The information of many of its customers was accessed by hackers when a phishing campaign on Twilio succeeded, gathering the information of many of Twilio's corporate clients. The attackers had access to all of Twilio's clients and could have accessed any accounts outside of Twilio with the stolen information.
This breach occurred on August 4th, 2022.
DoorDash released that the breach affected 4.9 million users, including merchants, drivers, and customers. Any DoorDash customers affected may have had their phone number, email, delivery address, and name exposed to the hackers.
“Importantly, the phishing campaign did not compromise sensitive information and we have no reason to believe that affected personal information has been misused for fraud or identity theft at this time,” DoorDash stated on its blog. “Based on our investigation to date, the information accessed by the unauthorized party did not include passwords, full payment card numbers, bank account numbers, or Social Security or Social Insurance numbers.” Find out more by reading DoorDash Hit By Same Hackers as Twilio Breach.