DoorDash data breach compromised information of 4.9 million consumers, Dashers, merchants

BRAZIL - 2019/07/01: In this photo illustration the DoorDash logo is seen displayed on a smartphone. (Photo Illustration by Rafael Henrique/SOPA Images/LightRocket via Getty Images)

Popular food delivery company DoorDash announced Thursday that a data breach compromised the information of more than 4.9 million consumers, Dashers, and merchants.

"An unauthorized third party accessed some DoorDash user data on May 4, 2019," the company said in a press release.

The breach impacted anyone who joined the platform on or before April 5, 2018, according to DoorDash. 

"Users who joined after April 5, 2018 are not affected," the company added.

The type of user data accessed could include:

-Profile information including names, email addresses, delivery addresses, order history, phone numbers, as well as hashed, salted passwords — a form of rendering the actual password indecipherable to third parties.

-For some consumers, the last four digits of consumer payment cards. However, the company said, full credit card information such as full payment card numbers or a CVV was not accessed. The information accessed is not sufficient to make fraudulent charges on a consumer's payment card.

-For some Dashers and merchants, the last four digits of their bank account number. The company said full bank account information was not accessed. The information accessed is not sufficient to make fraudulent withdrawals from a Dasher or merchant's bank account.

-For approximately 100,000 Dashers, their driver’s license numbers were also accessed.

DoorDash said they have since taken several steps to secure customers data including adding additional protective security layers around the data, improving security protocols that govern access to the DoorDash systems, and bringing in outside expertise to increase the company's ability to identify and repel threats.

"We are reaching out directly to affected users with specific information about what was accessed. We do not believe that user passwords have been compromised, but out of an abundance of caution, we are encouraging all of those affected to reset their passwords to one that is unique to DoorDash," the company said.

You can change your DoorDash password by clicking here and using the email address associated with your DoorDash account.

"We deeply regret the frustration and inconvenience that this may cause you. Every member of the DoorDash community is important to us, and we want to assure you that we value your security and privacy. We’ve also set up a dedicated call center available 24/7 for support at 855–646–4683."