Food delivery service, DoorDash has confirmed a data breach.
In a blog post, Thursday, the company revealed that an “unauthorized third party” had accessed the personal information of approximately 4.9 million “consumers, dashers, and merchants.” The affected information includes names, delivery addresses, phone numbers, as well as, hashed, salted passwords.
Even worse, DoorDash said some customers had the last four digits of their payment cards taken. Luckily, however, full card numbers and CCV numbers were not.
But, both delivery workers and merchants had the last four digits of their bank account numbers stolen. And, approximately 100,000 of the company’s delivery workers had their driver’s licenses compromised as well.
DoorDash said the breach happened on May 4th of this year, but the company did not find out about it until after it began an investigation earlier this month.
Also worth noting, the breach is believed to have primarily targeted DoorDash users who signed up before April 5th, 2018.