Food delivery services are all the rage these days. Apparently, people are so averse to leaving their home, that they are willing to pay a premium to get meals driven to them. But wait, is that really a new trend? Pizzerias, for instance, have been delivering pies for years. Yeah, but that was driven by an employee of the restaurant. These days, services like Grubhub and DoorDash allow pretty much anyone with a car to be the go-between -- there is no vetting by the restaurant. Do you really want your food in the hands of a stranger? Lord knows what he/she could do to it.
If you are a DoorDash user, the suitability of your delivery driver is not what you need to be worried about today. Actually, your concern should be focused on your privacy, as the delivery service has suffered a massive data breach. Yes, hackers have infiltrated DoorDash, and the number of impacted people is staggering -- nearly 5 million. That doesn't just include customers but DoorDash drivers and merchants too!
"We take the security of our community very seriously. Earlier this month, we became aware of unusual activity involving a third-party service provider. We immediately launched an investigation and outside security experts were engaged to assess what occurred. We were subsequently able to determine that an unauthorized third party accessed some DoorDash user data on May 4, 2019. We took immediate steps to block further access by the unauthorized third party and to enhance security across our platform. We are reaching out directly to affected users," says DoorDash.
The company further says, "We have taken a number of additional steps to further secure your data, which include adding additional protective security layers around the data, improving security protocols that govern access to our systems, and bringing in outside expertise to increase our ability to identify and repel threats. We are reaching out directly to affected users with specific information about what was accessed. We do not believe that user passwords have been compromised, but out of an abundance of caution, we are encouraging all of those affected to reset their passwords to one that is unique to DoorDash."
DoorDash shares information about what information was gleaned by the hackers below.
- Profile information including names, email addresses, delivery addresses, order history, phone numbers, as well as hashed, salted passwords — a form of rendering the actual password indecipherable to third parties.
- For some consumers, the last four digits of consumer payment cards. However, full credit card information such as full payment card numbers or a CVV was not accessed. The information accessed is not sufficient to make fraudulent charges on your payment card.
- For some Dashers and merchants, the last four digits of their bank account number. However, full bank account information was not accessed. The information accessed is not sufficient to make fraudulent withdrawals from your bank account.
- For approximately 100,000 Dashers, their driver’s license numbers were also accessed.
Please know, this hack apparently only impacts those who started using DoorDash prior to April 5, 2018. Even if you began using DoorDash after that date, it is wise to change your password anyway -- you can never be too safe. You can change your password here.