[ad_1]
DoorDash confirmed a data breach.
The food delivery company said Thursday in an article on its blog that 4.9 million customers, deliverymen and merchants were stolen their information by hackers.
The flaw occurred on May 4, the company added, adding that customers who joined the group after April 5, 2018 are not affected by the flaw.
We do not know why it took almost five months to DoorDash publicly reveal the violation. Mattie Magdovitz, spokesperson for DoorDash, refused to say why.
The spokesman attributed the violation to "a third-party service provider", but the third party was not named. "We immediately launched an investigation and external security experts were hired to assess what happened," she said.
Users who joined the platform before April 5, 2018 had their names, email addresses, and shipping addresses, order history, phone numbers, and hashed and salted passwords stolen.
The company also said consumers had also taken the last four digits of their payment cards, although full numbers and card verification values (CVVs) were not taken. The delivery men and the merchants were stolen the last four digits of their bank account number.
About 100,000 drivers were also stolen from their driver's license information.
The announcement comes almost exactly one year after DoorDash customers complained about hacking their accounts. At the time, the company denied a data breach and claimed that its attackers had launched identification data attacks, in which hackers were taking lists of usernames and words stolen passwords and tried them on other sites using the same passwords. But many of the clients we talked to said that their passwords were unique to DoorDash, excluding such an attack.
When asked at the time, DoorDash could not explain how the affected accounts were violated.
[ad_2]
Source link