Food delivery service company DoorDash says they are investigating a security breach that has affected approximately 4.9 million users.
The company says they discovered unauthorized access from a third party on May 4, 2019.
Those affected include dashers and merchants who joined the platform on or before April 5, 2018. Users who joined after April 5, 2018 are not affected.
"We took immediate steps to block further access by the unauthorized third party and to enhance security across our platform. We are reaching out directly to affected users," says the company.
The company says the breach may have exposed the following:
- Profile information including names, email addresses, delivery addresses, order history, phone numbers, as well as hashed, salted passwords - a form of rendering the actual password indecipherable to third parties.
- For some consumers, the last four digits of consumer payment cards. However, full credit card information such as full payment card numbers or a CVV was not accessed. The information accessed is not sufficient to make fraudulent charges on your payment card.
- For some Dashers and merchants, the last four digits of their bank account number. However, full bank account information was not accessed. The information accessed is not sufficient to make fraudulent withdrawals from your bank account.
- For approximately 100,000 Dashers, their driver's license numbers were also accessed.
DoorDash says they have taken additional steps to improve security and are reaching out to those affected directly.
"We are reaching out directly to affected users with specific information about what was accessed. We do not believe that user passwords have been compromised, but out of an abundance of caution, we are encouraging all of those affected to reset their passwords to one that is unique to DoorDash," said the company.
Users are urged to change their password.
Those with questions can call the company at 855-646-4683.
CLICK HERE to learn more.