Posted on 09/27/2019 5:45:44 AM PDT by rightwingintelligentsia
DoorDash has confirmed a data breach.
The food delivery company said in a blog post Thursday that 4.9 million customers, delivery workers and merchants had their information stolen by hackers.
The breach happened on May 4, the company said, but added that customers who joined after April 5, 2018 are not affected by the breach.
It’s not clear why it took almost five months for DoorDash to detect the breach.
DoorDash spokesperson Mattie Magdovitz blamed the breach on “a third-party service provider,” but the third-party was not named. “We immediately launched an investigation and outside security experts were engaged to assess what occurred,” she said.
Users who joined the platform before April 5, 2018 had their name, email and delivery addresses, order history, phone numbers and hashed and salted passwords stolen.
The company also said consumers had the last four digits of their payment cards taken, though full numbers and card verification values (CVV) were not taken. Both delivery workers and merchants had the last four digits of their bank account numbers stolen.
Around 100,000 delivery workers also had their driver’s license information stolen in the breach.
(Excerpt) Read more at techcrunch.com ...
The old “It wasn’t us, it was a 3rd party service provider” excuse doesn’t fly anymore.
Companies are responsible for vetting those with whom they share data or rely upon for critical services.
We audit about 30 per year on security.
IOW, they made updates and secured their system in April but failed to secure anything prior to that.
My sister had her account at her bank hacked a few months ago. DoorDash was on the list the thieves used.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.