DoorDash is a food delivery service app which allows urban customers to order take-out from their mobile device and have it delivered to their door. Earlier this year, however, DoorDash experienced a data breach affecting around 5 million delivery personnel and customers. The app operates out of some major cities like New York, Chicago, Los Angeles, Washington, D.C., Atlanta, Las Vegas, Miami, and others. In September 2019, DoorDash’s security team noticed unusual activity from a third-party service provider, and they investigated finding that on May 4, 2019, an unauthorized user accessed customer and driver data. The security team took immediate steps to close the breach and further protect any additional leakage. They also notified users of the DoorDash data breach.
When Was the DoorDash Data Breach?
The hacking incident took place on May 4, 2019, and only affects users who joined the service before April 5, 2018. A lot of information was accessed and stolen during this breach. Criminals got away with delivery addresses and order history, names, email addresses, phone numbers, passwords (salted and hashed), some credit card information (last four digits), some bank account information (last four digits) along with about 100,000 driver’s license numbers.
How to See if You Were Affected by Doordash Data Breach
If you joined DoorDash after April 5, 2018, you were not affected. DoorDash has reached out to all affected parties. If you have not yet received anything, they are still in the process of sifting through the lost data, you should receive something soon. DoorDash posted this notice with information about the data breach and FAQs to answer customer and driver questions.
What to Do if Your Victim of Doordash Breach
If you were among the 4.9 million users affected by the DoorDash data breach, you should make a few changes. Although DoorDash assures customers that the data stolen is not enough to break into accounts, you should err on the side of caution.
- Change your password for your DoorDash account.
- If you used the same password anywhere else, change those accounts too and make them long and complex.
- It makes sense to contact your credit card company and cancel any cards you used with the service and have them send you new ones.
- If you provided bank account information, contact your bank’s fraud department to have them put a lock on your account or monitor it for unusual activity.
- Be extra careful in watching out for spam emails over the next few months. If you receive an email that looks like it came from DoorDash, verify it first before taking any action.
- Check your credit report for discrepancies and sign up for ongoing credit monitoring. Because the information was so recently stolen, it could have effects down the road.
Can My Information be Used for Identity Theft after DoorDash Data Breach?
Companies who are the victims of data breaches like to minimize the damage to their reputations by insinuating that the information stolen can’t be used for fraud or hacking, but it can. Even small bits of personal data can lead cybercriminals to additional details, which could allow them to infiltrate your credit card and bank accounts or take control of your computer. You can never be too careful about identity theft. It can happen to anyone!
What to Do to Protect Yourself to Keep Your Online Accounts Safe
We all love the convenience that online services and apps allow us, but there are also inherent dangers. Use these tips below to keep your accounts and online life safe.
- Use only a single credit card for online purchases and in apps. Monitor those statements carefully each month, scanning for fraud.
- Monitor your credit reports frequently and consider a credit freeze so no one can open new accounts in your name.
- Keep all your devices updated with the latest antivirus software and run deep scans often.
- If you are the victim of identity theft or fraud, report it to the authorities.
- Keep an eye out for phishing emails and scams.
- Never click links in email or download attachments.