DoorDash Hit By Same Hackers as Twilio Breach
- By Bree Ann Russ
- Aug 26, 2022
A new data breach has hit food delivery juggernaut DoorDash, exposing personal customer data. The exposure came when hackers deployed a successful phishing attack that stole employee credentials from a service vendor. This breach allowed hackers to access some internal tools within DoorDash.
Hackers accessed a wide variety of information, including names, email addresses, and specific delivery addresses. A smaller group of people also face the reality that hackers could see some of the info from the cards they used to pay for services, including details like the last four digits of the credit card number and the type of card it was.
A recent phishing campaign’s success left hackers with login credentials from Twilio in August 2022. The same hackers also expanded their reach, hitting companies like Cloudflare and Signal. DoorDash is just another victim of the same hack, leaving a small percentage of its users in peril.
After discovering suspicious activity, DoorDash blocked access to third-party vendors and began a full investigation into the activity. The company is now working directly with a cybersecurity expert, adding new layers to the security they had in place to avoid further damage from the attack.
The information from DoorDash-acquired Wolt remains unaffected by this breach. However, this is not the first time DoorDash has been hacked. The most significant hack was back in 2019, when information from over 4.9 million customers, merchants, and delivery workers was leaked.
The company has yet to release the number of actual users affected by this breach. Still, they are doing everything they can to cooperate with investigators and help protect their customers.