The food delivery company said in a blog post Thursday that 4.9 million customers, delivery workers and merchants had their information stolen by hackers.
The breach happened on May 4, the company said, but added that customers who joined after April 5, 2018 are not affected by the breach.
It’s not clear why it took almost five months for DoorDash to detect the breach.DoorDash spokesperson Mattie Magdovitz blamed the breach on “a third-party service provider,” but the third-party was not named. “We immediately launched an investigation and outside security experts were engaged to assess what occurred,” she said.
Pearson says that to its knowledge none of the accessed student data has been misused and the chances of the data being misused are low since no financial data was accessed. The company says it has already contacted all the people who had their data breached and is offering complimentary credit-monitoring services to affected victims.
Users who joined the platform before April 5, 2018 had their name, email and delivery addresses, order history, phone numbers and hashed and salted passwords stolen.
The company also said consumers had the last four digits of their payment cards taken, though full numbers and card verification values (CVV) were not taken. Both delivery workers and merchants had the last four digits of their bank account numbers stolen.
Around 100,000 delivery workers also had their driver’s license information stolen in the breach.
Original story: PDF reader developer Foxit Software has suffered a data breach that exposed email addresses, phone numbers, and passwords associated with user accounts."Customers that use their Foxit 'My Account' credentials on other websites or services are encouraged to change their passwords to prevent unauthorized access," the company added.
The news comes almost exactly a year after DoorDash customers complained that their accounts had been hacked. The company at the time denied a data breach and claimed attackers were running credential stuffing attacks, in which hackers take lists of stolen usernames and passwords and try them on other sites that use the same passwords. But many of the customers we spoke to said their passwords were unique to DoorDash, ruling out such an attack.
When asked at the time, DoorDash could not explain how the affected accounts were breached.
Updated with comments from the spokesperson.